ZERO 


Zero  Day  Threat:  A  new  book  explains  how  Microsoft’s  Trustworthy 
Computing  initiative  missed  the  boat  on  cybercrime,  page  28 


. -S 


Camera  phones  are 
everywhere  -  which 
is  prompting  many 
IT  departments  to 
rethink  their  bans  on 
the  devices,  page  12 


the  grill:  Author 
Don  Tapscott  says 
static  Web  sites  are 
out,  ‘mass  collabora 
tion’  is  in.  page  ig 


Security 

How  to  make  security 
awareness  training 
both  cheap  and 
entertaining,  page  32 


Inside 

MAY  26,  2008 

VOL.  42.  NO.  22  S5/C0PY 

News  Analysis 

Critics  say  the  feds 
are  just  pushing  paper 
in  their  annual  reports 
on  internal  IT  security 
efforts,  page  ii 


Careers 

Five  easy  ways 
to  commit  career 
suicide,  page  26 


Don’t  Miss . . . 

Idle  servers  are  the 
devil’s  tools,  eating 
up  energy  while  doing 
nothing,  page  is 


Nearly  seven  years  after  9/11, 
information-sharing  problems 
that  hobble  law  enforcement  are 
just  beginning  to  be  solved. 


-;v,'  -M 


I  need  a  solution  that  runs  like  clockwork  or  I  run  the  risk  of  running  a  lot  of  stairs. 


The  Canon  Color  imageRUNNER 
PRODUCE.  PERSUADE,  PERFORM.  ON  THE  NETWORK. 


.Color 

imageR U N N ER" 

www.usa. canon.com  1-80  0- OK-  CANON 


.RUNNE.R  arc  gist'erecMr  C  non:  tn  the  United  States  aTicl:  may  also  be  registered  trademarks  or  trademarks  i 

sa  tr.M<?n;ask  ot  Canon  fe!  206)8  Canon  USA..  Inc  All  rights  reserved.  Product  shown  with  optional  accessories. 


mage  ANYVI ARE 


COMPUTERWORLD  ■  MAY  26,  2008 


■  NEWS  DIGEST 

6  Users  rely  on  IT  to  combat  high 
gas  prices.  |  Microsoft  plans  to 
add  support  for  the  ODF  and  PDF 
file  formats  to  Office  2007 

8  Portland,  Ore.,  calls  for  help 
from  SAP  on  an  IT  overhaul  suffering 
from  major  scope  creep.  |  EMC 
works  to  make  solid-state  disk 
drives  more  popu¬ 
lar  within  IT. 

10  NASA’s 

Johnson  Space 
Center  fights  off  an 
invasion  of  “crazy 
Rasberry  ants.” 

■  NEWS  ANALYSIS 

11  IT  Security  Report  Card 
Gets  Low  Grade  From  Critics. 

An  annual  report  card  on  federal  IT 
security,  and  the  internal  reports  on 
which  it’s  based,  are  seen  by  skep¬ 
tics  as  just  an  exercise  in  paperwork. 

12  IT  Finally  Opens  Its  Eyes  to 
Camera  Phones.  It’s  hard  to  keep 
gadgets  with  cameras  out  of  users’ 
hands.  So  some  IT  departments 
have  stopped  trying. 

■  OPINION 

4  Editor’s  Note:  Don  Tennant 

learns  that  one’s  strengths  can  often 
be  weaknesses,  as  he  recounts 
Robert  Madge’s  tale  of  the  collapse  of 
his  namesake  networking  company. 

20  Bruce  A.  Stewart  says  giving 
up  some  control  to  business  units 
can  leave  IT  more  in  charge  than 
it  is  when  it  cracks  down  with  a 
command-and-control  approach. 

34  Paul  M.  Ingevaldson  lays 
down  the  rules  for  traveling  CIOs  who 
want  to  count  the  number  of  coun¬ 
tries  they’ve  visited. 

40  Frankly  Speaking:  Frank 
Hayes  goes  down  the  rabbit  hole 
trying  to  follow  the  ins  and  outs  of  the 
XML  file  format  standardization  war 
that  Microsoft  launched. 


■  DEPARTMENTS 


15  On  the  Mark:  Mark  Hall 

reports  that  idle  servers  are  the 
devil’s  tools,  eating  up  energy  while 
doing  nothing. 

16  The  Grill:  Don  Tapscott, 

author  of  Wikinomics,  talks  about 
enabling  “mass  collaboration,”  build¬ 
ing  trust  and  understanding  that  Web 
sites  are  out  and  communities  are  in. 


32  Security  Manager’s 
Journal:  Getting  an  F  and 
Turning  It  Into  Fun.  An  audit 
shows  a  need  for  better  security- 
awareness  training.  But  C.J.  Kelly 
needs  to  find  a  way  to  make  it  both 
cheap  and  entertaining. 

36  Career  Watch:  “I  was  trying  to 
get  my  gun  back  from  the  police”  and 
other  wacky  excuses  for  being  late. 

38  Shark  Tank:  A  software  proj¬ 
ect  that  finishes  on  time,  on  budget 
and  with  hardly  any  problems  is  rare 
enough  that  pilot  fish  thought  it  im¬ 
portant  to  explain  his  secret. 

■  ALSO  IN  THIS  ISSUE 
Letters  5 

Company  Index  38 


■  FEATURES 

22  Criminal  Negligence 

COVER  STORY:  Nearly  seven  years  after  9/11,  information¬ 
sharing  problems  that  have  hobbled  federal,  state  and  local 
law  enforcement  agencies  are  just  beginning  to  be  solved. 


26  Five 
Easy  Ways 
To  Commit 
Career 
Suicide 

IT  MENTOR:  Technology  can 
help  you  shoot  yourself  in  the 
foot,  but  old-fashioned  blun¬ 
ders  can  still  take  you  down 
too.  Here  are  some  tips  to 
elp  you  dodge  the  bullet. 


28  Zero  Day  Threat 

In  this  book  excerpt,  authors  Byron 
Acohido  and  Jon  Swartz  examine  how 
Microsoft’s  Trustworthy  Computing 
initiative  missed  the  boat  on  cybercrime. 


- 


COVER  ILLUSTRATION  BY  ANASTASIA  VASILAKIS 


(Get  Your  Company  Agile 


Once  your  IT  security  is  doing  everything  you  expect  it  to,  have  it  do  something  no  one  would  ever  expect:  Make  your 
company  more  efficient,  more  flexible  and  more  competitive  than  ever  before.  CA's  approach  to  IT  security  centralizes 
Identity  and  Access  Management  (1AM).  That  means  you  can  deploy  applications  faster  and  more  securely  to  capitalize  on 
market  opportunities.  And  with  best-in-class  modularity,  scalability  and  integration,  CA  security  solutions  enable  growth. 
To  learn  more  about  the  full  potential  of  IT  security,  download  the  ebook  at  ca.com/secure. 


GOVERN 


MANAGE 


SECURE 


Transforming 
IT  Management 


m  EDITOR’S  NOTE 

Don  Tennant 

Strengths  and 
Weaknesses 

THERE’S  A  fine  line  between  commitment  and  fo¬ 
cus  on  one  hand,  and  obstinance  and  myopia  on 
the  other.  Or  perhaps  there’s  no  line  at  all.  Maybe 
they  only  differ  when  the  context  differs. 


That’s  the  lesson  I  took 
from  the  16th  World  Con¬ 
gress  on  Information  Tech¬ 
nology  in  Kuala  Lumpur, 
Malaysia,  where  I  moder¬ 
ated  a  couple  of  CIO  panel 
discussions.  Those  discus¬ 
sions  were  phenomenal, 
as  was  the  entire  program 
of  the  three-day  congress. 
But  the  lesson  I  took  away 
didn’t  come  from  the  pro¬ 
ceedings.  It  came  from 
a  discussion  I  had  over 
breakfast  one  morning 
with  Robert  Madge. 

Chances  are  that  name 
rings  a  bell,  if  a  very  distant 
one.  Madge  founded  Madge 
Networks,  a  highflying 
networking  company  in 
the  late  ’80s  and  better  part 
of  the  ’90s  that  built  its 
fortunes  on  the  strength  of 
the  Token  Ring  networking 
protocol  championed  by 
IBM.  In  an  interview  I  con¬ 
ducted  with  Madge  in  1994, 
he  predicted  that  his  com¬ 
pany  would  overtake  IBM 
as  the  Token  Ring  market 
leader  within  three  years. 
He  was  right. 

The  only  problem  was 
that  Madge’s  accomplish¬ 
ment  was  akin  to  overtak¬ 
ing  Sony  to  become  the 
Betamax  market  leader  in 


1985.  Because  of  its  high 
cost  and  complexity  com¬ 
pared  with  Ethernet,  Token 
Ring  was  on  a  downward 
slide  and  would  never  re¬ 
cover. 

Madge  left  the  company 
in  2001,  and  in  2003  Madge 
Networks  filed  for  bank¬ 
ruptcy  protection.  It  was 
subsequently  restructured 
as  Madge  Inc.,  and  in  2006 
it  was  acquired  by  Network 
Technology  in  the  U.K.  and 
merged  into  that  company’s 
Ringdale  arm.  Robert 
Madge  went  on  to  take  an 
interest  in  RFID  and  other 
tracking  technologies,  and 
he  now  serves  as  president 
of  IDtrack  in  Barcelona. 

Over  breakfast  that 
morning,  Madge  recounted 
a  fascinating  tale  of  the  rise 
and  fall  of  his  namesake 
company.  Its  rise  came  on 
the  strength  of  a  singu¬ 
lar  focus  on  Token  Ring 
technology,  and  a  commit- 

■  Madge’s  accom¬ 
plishment  was 
akin  to  overtaking 
Sony  to  become  the 
Betamax  market 
leader  in  1985. 


ment  to  principle  that  was 
epitomized  by  his  refusal  to 
pay  patent  royalties  to  Olof 
Soderblom,  the  IBM  scien¬ 
tist  who  pioneered  Token 
Ring.  Madge  insisted  that 
Soderbiom’s  patent  didn’t 
cover  what  his  company 
and  others,  including  IBM 
and  NCR,  were  doing  with 
Token  Ring. 

It  was  a  costly  battle,  and 
Madge’s  U.S.  sales  dried 
up  for  nine  months.  But 
he  eventually  prevailed  in 
court,  and,  according  to 
Madge,  the  other  compa¬ 
nies  were  able  to  stop  pay¬ 
ing  the  royalties. 

“That  gave  us  huge 
credibility  in  the  business 
afterwards,”  Madge  said. 
“We  were  the  moral  leader 
in  the  sector,  which  had  an 
impact  on  all  aspects  of  our 
business.” 

Yet  it  was  that  same  de¬ 
termination  to  stick  to  his 
guns  that  led  to  his  failure 
to  prevent  his  company’s 
collapse. 

“If  you  step  back  and 
look  at  it,”  Madge  said,  “a 
logical  move  for  a  company 
whose  technology  is  going 
into  decline  but  has  a  cus¬ 
tomer  base,  and  hasn’t  been 
able  to  find  a  way  to  evolve 


f 


the  company,  would  be  to 
merge  with  or  be  sold  to 
another  company.  In  hind¬ 
sight,  it  would  have  been 
the  logical  course.” 

But  despite  the  urging 
of  some  members  of  his 
management  team,  it  was 
a  course  that  Madge  never 
pursued. 

“To  me,  the  company 
was  very  personal,”  Madge 
said.  “I  put  my  name  on  it, 
and  I  came  from  a  culture 
where  companies  were  for 
life.  So  I’m  sure  that  emo¬ 
tionally,  I  wasn’t  in  a  good 
position  to  consider  objec¬ 
tively  whether  it  should  be 
sold  or  not.” 

The  lesson  was  clear. 

“People’s  weaknesses 
and  strengths  are  nor¬ 
mally  the  same  things.  It 
all  depends  on  the  context 
whether  they  turn  out  to  be 
strengths  or  weaknesses,” 
Madge  said.  “The  reason 
why  I  didn’t  see  the  writing 
on  the  wall  when  the  best 
thing  to  do  was  to  sell  the 
company  is  probably  the 
same  reason  why  I  built  the 
company  in  the  first  place.” 

There’s  more  to  the 
story,  which  is  told  in  the 
Q&A  I’ve  posted  in  my 
blog.  My  assessment  is  that 
the  story  is  far  more  one  of 
strength  than  one  of  weak¬ 
ness,  if  for  no  other  reason 
than  that  it  took  remark¬ 
able  strength  to  tell  it.  ■ 

Don  Tennant  is  editorial 
director  of  Computerworld 
and  InfoWorld.  Contact 
him  at  don_tennant@ 
computerworld.com,  and 
visit  his  blog  at  http:// 
blogs.computerworld. 
com/tennant.  / 


4  COMPUTERWORLD  MAY  26,  2008 


■  LETTERS 


A  Timely  Column 

Paul  Glen’s  column  “Facts  and 
Meaning”  [May  5]  was  just  what 
the  doctor  ordered.  I  was  in  the 
middle  of  working  with  department 
colleagues  on  creating  a  vision 
statement  and  —  wham!  —  Glen’s 
column  really  highlighted  what 
we  should  be  looking  for.  We  have 
since  changed  what  the  vision  will 
look  and  feel  like. 

■  Paul  Korcuska,  manufacturing 
manager ,  Delta  Systems  Inc., 
Streetsboro,  Ohio, 
pkorcuska@deltasystemsinc.com 


times,  it  is  manager  ducks,  not  HR, 
who  protect  employee  ducks.  This 
is  especially  a  problem  in  the  fed¬ 
eral  government  but  is  rampant  in 
the  private  sector  as  well. 

If  you  want  to  fix  the  problem,  go 
after  the  management  ducks  with  a 
vengeance  first.  Good  companies  do 
exactly  that.  If  you  don’t  take  care 
of  the  management  ducks,  nothing 
else  you  do  will  matter. 

■  Avraham  Sonenthal, 
consultant,  network  engineering, 
British  Telecom,  Baltimore, 
avisonenthal@yahoo.com 


The  ‘Ducks’  at  the  Top 

Bart  Perkins  is  right  that  “ducks,”  or 
underperforming  employees,  have 
to  be  dealt  with  [“The  Duck  Proj¬ 
ect,”  April  21]. 

However,  he  seems  to  imply  that 
ducks  are  only  found  among  the 
rank-and-file  workers.  There  are 
actually  far  more  ducks  in  manage¬ 
ment.  And  how  to  get  rid  of  the 
management  ducks?  That  is  a  co¬ 
nundrum,  since  only  other  manag¬ 
ers  could  do  it,  and  managers  tend 
to  protect  other  managers. 

If  you  think  that  employee  ducks 
are  bad,  manager  ducks  are  10  times 
worse  for  the  company.  And  often- 


Chuckle  While 
You  Work 

Don  Tennant’s  comments  about 
humor  in  the  workplace  are  dead- 
on  [“Here’s  to  Humor,”  April  21],  I 
just  read  a  book  by  Adrian  Gostick 
titled  The  Levity  Effect  that’s  full 
of  examples  of  how  humor  moti¬ 
vates  employees.  (I’m  a  little  partial 
because  he  quoted  me  a  couple  of 
times  in  the  book.)  I  work  in  a  great 
environment  full  of  funny  and  hard¬ 
working  people  and  believe  humor 
is  one  of  the  best  (and  most  cost- 
effective)  ways  to  maintain  morale 
and  productivity. 

■  Craig  Kerkove,  Dallas 


RWORLD.COM 


FIND  THESE  STORIES  AT  COMPUTERWORLD.COM/MORE 


Reader  Favorites: 

10  Great  Free  Network  Tools 

Computerworld  recently  showcased  free 
network  management  software,  and  readers 
responded  with  some  of  their  own  picks. 

We  take  a  look  at  those  tools  and  report 
on  their  capabilities  and  usage. 


Security  Goes  to 
The  Movies:  Iron  Man 

A  film  geek  and  a  security  nerd  square 
off  in  a  cinematic  smackdown. 


IT  Hits  the  Highway: 

Big  Rigs  Go  High  Tech 

From  GPS  and  handheld  computers  to 
enhanced  vehicle-monitoring  and  safety 
systems,  emerging  technologies  are  poised 
to  transform  the  trucking  business. 


Hyperconnectivity: 

Friend  or  Foe? 

OPINION:  There’s  no  question  that  we’re  all 
getting  hyperconnected,  Mike  Elgan  says,  but 
he  wonders  whether  that’s  good  or  bad. 


Mac-Based  Modbook 
Tablet  Offers  Promise 
But  Limited  Appeal 


REVIEW:  Axiotron  is  now 
shipping  the  Modbook,  a 
slate-style  tablet  computer 
based  on  Apple’s  Mac- 
Book  laptop  that  was  first 
unveiled  in  2007.  While 
it  offers  a  one-of-a-kind 
design  for  Mac  users,  the 
sum  seems  less  valuable 
than  the  parts. 


COMPUTERWORLD 

RO.  Box  9171, 1  Speen  Street 
Framingham,  MA  01701 
(508)  879-0700 

Computerworld.com 

■  EDITORIAL 

Editorial  Director  Don  Tennant 
Editor  in  Chief  Scot  Finnie 
Executive  Editors  Mitch  Betts. 

Julia  King  (events) 

Managing  Editors  Michele  Lee  DeFilippo 
(production).  Sharon  Machlis  (online), 

Ken  Mingis  (news) 

Design  Director  Stephanie  Faucher 
Features  Editors  Kathleen  Melymuka, 

Valerie  Potter,  Ellen  Fanning  (special  reports), 
Barbara  Krasnoff  (reviews) 

Senior  Editors  Johanna  Ambrosio  (channels), 
Mike  Barton  (new  media) 

Senior  News  Editor  Craig  Stedman 
News  Editors  Mike  Bucken,  Marian  Prokop 
National  Correspondents  Gary  Anthes, 
Thomas  Hoffman,  Julia  King,  Robert  L.  Mitchell 
Reporters  Brian  Fonseca,  Sharon  Gaudin, 

Matt  Hamblen,  Heather  Havenstein,  Gregg  Keizer. 
Eric  Lai,  Linda  Rosencrance,  Patrick  Thibodeau, 
Jaikumar  Vijayan,  Todd  R.  Weiss 
E-mail  Newsletters  Editor  David  Ramel 
Channel  Editors  Johanna  Ambrosio 
(servers  and  data  centers),  Angela  Gunn 
(security),  Lucas  Mearian  (storage), 

David  Ramel  (networking  and  Internet) 
Assistant  Managing  Editor  Bob  Rawson 
(production) 

Blogs  and  Projects  Editor  Joyce  Carpenter 
Editor  at  Large  Mark  Hall 
Senior  News  Columnist  Frank  Hayes 
Art  Director  April  O’Connor 
Associate  Art  Director  Owen  Edwards 
Research  Manager  Mari  Keefe 
Senior  Copy  Editors  Eugene  Demaitre, 

Monica  Sambataro 
Copy  Editor  Donna  Sussman 
Associate  Editor,  Community  Ken  Gagnd 
Office  Manager  Linda  Gorgone 
Contributing  Editors  Jamie  Eckle, 

Preston  Gralla,  David  Haskin,  Tracy  Mayor 

■  CONTACTS 

Phone  numbers,  e-mail  addresses  and 
reporters’  beats  are  available  online  at 
Computerworld.com  (see  Contacts  link 
at  the  bottom  of  the  home  page). 

Letters  to  the  Editor  Send  to  letters® 
computerworld.com.  Include  an  address  and 
phone  number  for  immediate  verification. 

Letters  will  be  edited  for  brevity  and  clarity. 
24-hour  news  tip  hot  line  (508)  620-7716 
Subscriptions  and  back  issues  (888)  559- 
7327,  cw@omeda.com 
Reprints/permissions  The  YGS  Group, 

(800)  290-5460,  ext.  150,  computerworld® 
theygsgroup.com 


THE  WEEK  AHEAD 

WEDNESDAY:  Google  begins  its  inaugural  Google  I/O 
conference  for  Web  developers  in  San  Francisco. 

THURSDAY:  RailsConf  2008  opens  in  Portland,  Ore., 
with  a  focus  on  the  Rails  framework  for  Web  applications. 

SATURDAY:  Three  computer-science  groups  and  the  family 
of  Jim  Gray  present  a  tribute  to  him  at  the  University  of  Cali¬ 
fornia,  Berkeley.  Gray,  a  renowned  researcher  at  Microsoft, 
IBM  and  other  vendors,  disappeared  last  year  while  sailing. 


News. 


FIND  THE  FULL  STORIES  AT 

COMPUTERWORLD.COM 


NETWORKING 


Rising  Fuel  Prices 
Prime  Pump  for 
More  Telecommuting, 
Virtual  Meetings 


LAS  VEGAS 

HE  TIPPING  POINT  on 
gas  prices  came  about 
a  month  ago  for  Bill 
Lucas,  an  IT  engineer  at 
Milwaukee-based  utility  We 
Energies.  He  stopped  using 
his  car  for  his  35-minute 
commute  and  instead  start¬ 
ed  taking  a  bus,  which  costs 
$2.50  each  way  thanks  to  a 
ticket  subsidy  from  the  util¬ 
ity.  Lucas  said  he  has  plenty 
of  fellow  riders. 

Meanwhile,  Jim 
Bagozzi,  associate  vice 
president  of  business 
solutions  at  Canadian 
Tire  Corp.,  said  that  the 
Toronto-based  retailer 
and  financial  services 
firm  is  expanding  its 
support  for  working 
remotely.  Canadian  Tire 
found  that  in  order  to 
entice  some  new  em¬ 
ployees  with  specialized 
skills,  it  had  to  set  them 
up  to  work  in  satellite 
offices  instead  of  requir¬ 
ing  them  to  commute  to 
headquarters. 

Telework  is  “a  fairly 
new  concept  for  us,” 


Bagozzi  said.  But  he  noted 
that  gas  prices  in  Toronto 
were  about  $1.25  (Canadian) 
per  liter  last  week  —  an 
amount  equal  to  nearly  $5 
per  gallon  in  U.S.  currency. 

Lucas  and  Bagozzi  aren’t 
alone.  At  Forrester  Research 
Inc.’s  IT  Forum  2008  confer¬ 
ence  here  last  week,  a  dozen 
IT  managers  and  staffers 
said  that  rapidly  escalating 
fuel  prices  are  prompting 
their  companies  to  increase 


telecommuting  programs 
or  explore  the  idea  of  doing 
so.  Some  are  also  turning  to 
virtual  meeting  technolo¬ 
gies  to  cut  down  on  travel. 

Expanded  use  of  video- 
conferencing  technology 
from  Cisco  Systems  Inc.  has 
helped  The  Procter  &  Gam¬ 
ble  Co.  reduce  its  corporate 
travel  spending  by  15%  over 
the  past  year,  said  Marta 
Foster,  vice  president  of 
business  solutions  for  global 
business  services  at  P&G. 

David  Trumble,  an  enter¬ 
prise  architect  who  works 
at  a  Boston-area  firm  that  he 
asked  not  be  named,  said  the 
continuing  rise  in  gas  prices 
will  likely  limit  people’s  job 
searches  to  smaller  geo¬ 
graphic  areas  if  telecommut¬ 
ing  support  isn’t  expanded. 

A  commute  of  40  to  50 
miles  “really  doesn’t 
add  up”  from  a  cost 
standpoint  nowadays, 
Trumble  said. 

On  the  other  hand, 
Tom  Jackson,  an  IT 
manager  at  a  consumer 
products  company  that 
he  asked  not  be  identi¬ 
fied,  said  he  could  work 
from  home  every  day 
but  does  so  only  two 
days  a  week  —  even 
though  driving  to  work 
is  costing  him  $60 
weekly  for  gas. 

“It’s  worth  it  to  me  to 
get  out  of  the  house,” 
i  Jackson  said. 

£  —  Patrick  Thibodeau 


1101  »0FT  COR!  ‘  la  k 

said  it  will  add  support  for  the 
DDF  and  PDF  file  formats  to  Of¬ 
fice  2007  -  a  change  of  heart 
that  won  it  some  praise  from 
desktop  application  rivals  such 
as  IBM  and  Qpen0fhce.org. 

Native  support  for  the  Open 
Document  Format  for  Office 
Applications  and  the  Portable 
Document  Format  will  be  built 
into  the  Service  Pack  2  release 
Of  Office  2007,  which  is  due  in 
the  first  half  of  next  year. 

Office  users  currently  have 
to  install  third-party  plug-ins 
to  store  documents  in  0DF. 

Gray  Knowlton,  an  Office  group 
product  manager  at  Microsoft, 
said  that  the  software  vendor 
previously  had  heard  from 
users  thal  ppo 
translators  was  good  enough. 
But  now,  he  added,  “we’ve  got¬ 
ten  the  direction  that  people 
want  0DF  in  the  product.” 

Ironically,  the  0DF  and  PDF 
support  will  be  added  before 
Office  2007  gets  full  support 
for  the  recently  ratified  ISO- 
standard  Version  of  Microsoft’s 
own  Office  Open  XML  format  in 
its  next  major  release. 

-  ELIZABETH  M0NTALBAN0, 
IDG  NEWS  SERVICE 

FORMAT  CHANGE 


6  C0MPUTERW0RLD  MAY  26,  2008 


30R0CK  ' 

i  *  l 


Brands  that  have  revolutionized  online 
business  have  on 


Hulu  puts  the  audience  in  control,  letting:  viewers 
vhen,  where  and  how  they  tune  into  theft 
favorite  TV  shows,  movies,  clips  and  more.  With 

>usands  of  videos  spanning  every  genre,  Hulu  makes 
t  easy  to  use  and  share  premium  programming  -  •  all 
ree  and  on  demand.  Offering  the  latest  primetime 
favorites,  classic  episodes  of  vintage  shows,,  feature 
3  whole  lot  more,  Hulu  is  revolutioninizing 
the  way  audiences  watch  online. 


A  lot  can  happen  in  ten  years.  Especially  with 
Internet  technology  that's  revolutionizing  virtually 
every  facet  of  business.  New  sales  channels.  New 
applications  and  advertising  models.  In  our  first 
ten  years,  Akamai  has  helped  the  world's  leading 
businesses  become  the  world's  leading  online 
businesses.  And  we're  just  getting  started.. 


Enabling  the  Revolution 


u  fc  u  1 1J  M 


tanwCn 


Www 


m  NEWS  DIGEST 


DEVELOPMENT 

Delays,  Cost  Overruns 
Plague  Portland  IT  Project 


Delays  and  cost  over¬ 
runs  forced  the  city 
of  Portland,  Ore.,  to 
replace  the  consultant  it 
hired  to  oversee  an  IT  proj¬ 
ect  whose  price  tag  spiraled 
from  $31  million  to  almost 
$50  million  over  20  months. 

The  city  launched  the 
project  in  late  2006  with 
the  expectation  that  by  De¬ 
cember  2007,  new  comput¬ 
ers  and  SAP  applications 
would  be  installed,  and  300 
key  software  and  hardware 
systems  would  be  over¬ 
hauled  and  integrated. 

When  it  became  appar¬ 
ent  late  last  year  that  the 
project  was  facing  delays, 
the  city  moved  to  terminate 
its  contract  with  Ariston 
Consulting  &  Technologies 
Inc.,  the  firm  overseeing  the 
effort,  said  Laurel  Butman,  a 
principal  management  ana¬ 
lyst  in  Portland’s  Office  of 
Management  and  Finance. 

The  city  quickly  sought 
help  from  SAP  AG  con¬ 
sultants,  who  blamed  the 
delay  on  “the  process  of  ap¬ 
proaching  the  implementa¬ 


tion,”  Butman  noted. 

The  SAP  consultants  ex¬ 
tended  the  project’s  time¬ 
line  and  now  expect  the 
SAP  financial  software  to 
be  running  by  this  Novem¬ 
ber  and  the  vendor’s  hu¬ 
man  resource  applications 
by  next  May. 

Robert  Stoll,  a  Portland 
attorney  representing  Aris¬ 
ton,  said  the  San  Diego- 
based  company  set  the 
project’s  budget  and  sched¬ 
ule  based  on  information 
provided  by  city  officials 
who  were  not  familiar  with 


Portland’s  IT  systems  and 
needs.  “It’s  sort  of ‘garbage 
in,  garbage  out,’  if  you 
know  what  I  mean,”  he  said. 

“I  certainly  don’t  think 
that  Ariston  made  any  mis¬ 
takes.  The  city,  rightly  or 
wrongly,  lost  confidence  in 
Ariston,”  Stoll  added. 

Stoll  and  the  city  are  still 
working  to  settle  disagree¬ 
ments  about  payments  for 
change  orders.  “We  hope 
that  we’re  not  going  to  have 
to  take  legal  action,”  the  at¬ 
torney  said.  “I’m  very  hope¬ 
ful  that  the  parties  will  be 
able  to  work  things  out.” 

Mark  Greinke,  who 
assumed  the  city’s  chief 
technology  officer  post  in 
February,  said  Portland 
officials  have  been  plan¬ 
ning  the  project  since  2001. 

Once  the  IT  systems  are 
upgraded,  most  city  work¬ 
ers  will  be  able  to  access 
the  new  SAP  applications 
through  Web-based  inter¬ 
faces,  Greinke  said. 

The  problems  with 
Portland’s  IT  overhaul 
came  at  the  same  time  de¬ 
veloper  MetroFi  Inc.  halted 
partially  completed  work 
on  the  city’s  much-touted 
Wi-Fi  project,  after  cutting 
revenue  projections. 

—  Todd  R.  Weiss 


Cisco  Sy 

has  issued  three  security 
patches  that  fix  denial-of 
service  bugs  discovered  i  i 
the  Secure  Shell  protocol 
in  Cisco  I0S  Software, 
which  runs  the  company’s 
routers,  and  in  its  Service 
Control  Engine. 

Hewlett-Packard  Co 

said  that  a  31%  increase 
in  laptop  PC  sales  led  to 
St  ong  financial  results  for 
its  second  quarter,  which 
ended  April  30.  The  com¬ 
pany  reported  a  rofit  of 
S2.Q  billion  on  revenue 
of  S28  billion,  up  11% 
from  a  year  earlier. 

. 

fornia  and  Connection 

have  charged  38  people  in 
the  U.S.  and  Romania  with 
using  complex  Internet 
phishing  schemes  to  steal 
thousan  js  o  credit  and 
debit  care  lumbers. 

Red  Hat  and 

Inc.  have  both  unveiled 
updates  for  their  high-end 
Linux  open  ing  /stems 
Both  Red  Hat  Enterprise 
Linux  5.  and  Service 
Pack  2  for  Novell’s  SUSE 
Linux  Enterprise  10  add 
capabilities  and  support 
for  new  hardware. 


HARDWARE 

EMC  Execs  Look  to  Help 
Drive  Down  SSD  Prices 


LAS  VEGAS  -EMC  Corp.  ex¬ 
pects  that  its  plan  to  spread 
solid-state  technology  through 
its  high-end  disk  storage  arrays 
will  help  cut  the  price  of  the 
technology  and  make  it  more 
attractive  to  IT  executives. 

At  the  EMC  World  user  con¬ 
ference  here  last  week,  top  ex¬ 
ecutives  said  they  expect  solid- 
state  pricing  to  be  comparable 
to  that  of  high-performance 


Fibre  Channel  drives  by  2011. 

“The  price  for  flash  is  coming 
down  significantly  faster  than 
rotating  drives  right  now,”  said 
Dave  Donatelli,  executive  vice 
president  of  storage  platforms 
operations  at  EMC.  “Our  stated 
corporate  goal  is  we're  trying  to 
drive  it  down  as  fast  as  we  can.” 

EMC  began  its  solid-state 
push  in  January  by  making  the 
technology  an  option  for  its 


high-end  Symmetrix  storage 
arrays.  The  products  use  solid- 
state  disks  made  by  Stec  Inc. 

K.  J.  Burke,  a  systems  engi¬ 
neer  at  gold  mining  operation 
Barrick  Gold  Corp.  in  Toronto, 
said  his  firm  is  looking  to  solid- 


state  technology  because  the 
servers  and  disk  drives  at  its 
mines  are  subjected  to  dust  and 
dirt  tracked  in  by  workers. 

“What  I  like  about  solid-state 
disk  is  there  are  no  moving 
parts  to  break  down,”  he  said. 

John  Webster,  an  analyst 
at  ISIuminata  Inc.,  suggested 
that  Fibre  Channel  drives  will 
probably  also  drop  in  price  and 
increase  in  efficiency  over  the 
next  two  to  three  years. 

“I  think  it’s  too  early  to  jump 
the  gun  on  this,”  Webster  said. 

-  LUCAS  MEARIAM 


H  C0MPUTERW0RLD  MAY  26,  2008 


EXPERIENCE  THE 


Exstream's  Dialogue™  enterprise  document  automation  software,  combined  with 
Hewlett-Packard's  integrated  technology  for  document  and  records  management, 
information  archiving,  and  retention  provides  a  synergistic  enterprise  solution  for 
today's  CIO.  Together,  these  technologies  give  you  the  ability  to  create  more 
effective  customer  communications  while  meeting  compliance  and  e-discovery 
requirements.  Contact  us  today  to  learn  how  you  can  experience  the  synergy  by 
benefiting  from  our  innovative  solutions. 


www.  exstrea  m .  com/h  psy  nergy 


exstream 

software 


■  NEWS  DIGEST 


IT  vs.  MOTHER  NATURE 

NASA,  Others  Move  to 
Save  IT  From  Ant  Swarms 


The  Johnson  Space 
Center  has  called  in 
insect  extermination 
experts  to  help  keep  a 
swarm  of  voracious  ants  out 
of  its  sensitive  and  critical 
computer  systems. 

The  ants  have  been  caus¬ 
ing  growing  problems  — 
from  short-circuiting  com¬ 
puters  to  shutting  down 
major  corporate  IT  systems 
—  in  their  six-year  march 
through  five  Texas  counties 
in  the  Gulf  Coast  area. 

“These  ants  are  raising 
havoc,”  said  Roger  Gold, 
professor  of  entomology 
at  Texas  A&M  University. 
“They’re  foraging  for  food, 
and  they’ll  go  into  any  space 
looking  for  it.  In  the  process, 
they  make  their  way  into 
sensitive  equipment.” 

Just  last  week,  the  Texas 
Department  of  Agriculture 
requested  federal  funding  to 
study  the  species. 

Officials  believe  the  non¬ 
native  creatures  came  ashore 
several  years  ago  off  a  ship 
from  a  Caribbean  country, 
said  Paul  Nester,  a  program 
specialist  at  the  Texas 
AgriLife  Extension  Service. 

The  ants  are  dubbed  “crazy 
Rasberry  ants”  after  Tom 
Rasberry,  owner  of  Budget 


«  Texas  exterminator  Tom 
Rasberry  with  his  namesake 
“crazy  Rasberry  ants.” 

Pest  Control  in  Pearland, 
Texas,  who  first  tackled  the 
species  in  2002. 

NASA’s  Johnson  Space 
Center  turned  to  Rasberry 
about  two  months  ago  as  the 
swarm  approached  Houston. 
Through  last  week,  he  had 
found  four  colonies  at  the 
NASA  site,  but  so  far,  all  were 
small  enough  to  control. 

“With  the  computer  sys¬ 
tems  they  have,  it  could  dev¬ 
astate  the  facility,”  Rasberry 
said.  “If  these  ants  got  into 
the  facility  in  the  numbers 
they  have  in  other  locations, 
well,  it  would  be  awful.” 

NASA  referred  all  ques¬ 
tions  to  Rasberry. 

—  Sharon  Gaudin 


U.K.  Health  Center 
Loses  Data  Tape 

ISLE  OF  WIGHT,  England  - 

A  computer  backup  tape  con¬ 
taining  personal  information  on 
some  38,000  medical  patients 
was  lost  while  being  shipped 
by  courier  from  the  Sandown 
Health  Centre  here  to  a  London- 
based  software  company. 

The  tape  contained  medical 
records  of  current  and  former 
patients  dating  back  almost  12 
years.  The  U.K.  National  Health 
Service  said  the  software  firm 
was  going  to  test  the  software 
used  to  run  the  backup  tape. 

The  local  NHS  Trust  said 
that  the  tape  is  presumed  to  be 
lost,  “possibly  permanently, 
although  all  possible  efforts 
are  being  made  to  find  it.”  It 


to  C0MPUTERW0RLD  MAY  26, 2008 


BETWEEN  THE  LINES  By  John  Klossner 


The 

rejected 
’$  claims 
that  tad 

infringed  on  four  unified- 
communications  patents. 

An  dministrative  law  judge 
had  ruled  earlier  that  one  of 
the  patents  was  infringed. 

launched  its 


Google  Health  jrvice, 
which  let:  ndividuals  store 
their  medical  records  and 
other  health  data  online. 

Microsoft 

released  Windows  3.0, 
which  sold  10  million  copies 
in  two  years  and  established 
Windows  as  the  dominant 
PC  operating  system. 


added  that  the  risk  of  misuse 
is  “extremely  small”  because 
the  tape  requires  proprietary 
equipment. 

Computer-world  U.K.  staff 

Hong  Kong  Him, 
Intel  to  Build  PC 


exporters.  Yahoo  Inc.  holds  a 
40%  stake  in  the  hrm. 

The  spokesman  said  the 
jointly  built  PCs  will  be  avail¬ 
able  this  year  from  an  as-yet 
undetermined  manufacturer. 
Pricing  has  not  been  set. 
Channelworld  India  staff 


H0N0K0NG-Aiibaba.com 
Ltd.  and  Intel  Corp.  plan  to 
jointly  develop  a  computer 
designed  to  help  small  and 
midsize  Chinese  businesses 
boost  online  efforts. 

The  companies  said  in  a 
statement  that  the  new  com¬ 
puter  will  be  based  on  undis¬ 
closed  Intel  components  and 
will  be  equipped  with  Alibaba’s 
e-commerce  applications.  An 
Intel  spokesman  did  say  that 
the  new  PCs  will  not  run  the 
company’s  Atom  processor, 
which  is  due  to  ship  in  June. 

Hong  Kong-based  Alibaba’s 
e-commerce  site  matches 
foreign  buyers  with  Chinese 


BRIEFLY  NOTED 

The  U.K.  government  last  week 
approved  a  plan  proposed 
by  the  Metropolitan  Police 
Service  to  create  national 
e-crime  law  enforcement  unit. 
The  £5.3  million  ($10.5  million 
U.S.)  proposal  calls  for  train¬ 
ing  50  officers  to  investigate 
online  crimes  ranging  from  fee 
fraud  to  terrorist  threats. 

Leo  King, 

Computerworld 
UK. 


NEWS  ANALYSIS  M 


IT  Security 
Report  Card 
Gets  Low  Grade 
From  Critics 

Federal  agencies  scored  a  C 
overall  on  an  annual  report 
card  that’s  based  on  their 
FISMA  compliance  reports. 
But  is  it  all  just  a  paperwork 
exercise?  By  Jaikumar  Vijayan 


The  u.s.  government 
received  an  overall 
C  grade  on  an  an¬ 
nual  information- 
security  report  card  that 
was  released  last  week.  But 
there  is  growing  skepticism 
about  whether  the  report 
card  and  the  internal  secu¬ 
rity  reports  on  which  it’s 
based  accurately  portray 
how  well  prepared  federal 
agencies  are  to  deal  with  IT 
security  threats. 

Nine  of  the  24  agencies 
rated  by  Rep.  Tom  Davis  (R- 
Va.)  were  given  failing  secu¬ 
rity  grades  for  2007  on  the 
new  report  card,  while  eight 
got  grades  of  A-  or  better. 

The  grades  are  based  on 
reports  of  agencies’  compli¬ 
ance  with  the  Federal  Infor¬ 
mation  Security  Manage¬ 
ment  Act.  Those  reports  are 
compiled  annually  by  the 
inspector  general  at  each 
agency. 

Approved  by  Congress 
in  the  aftermath  of  the  9/11 
terrorist  attacks,  FISMA 
was  initially  seen  as  a  much- 
needed  measure  for  bolster¬ 
ing  IT  security  within  the 


government.  But  now  critics 
claim  that  many  agencies 
are  treating  the  FISMA 
process  as  little  more  than  a 
paperwork  exercise,  not  as  a 
means  of  implementing  ac¬ 
tual  security  improvements. 

“FISMA  reports  say  abso¬ 
lutely  nothing  about  govern¬ 
ment  security,”  said  Alan 
Paller,  director  of  research 
at  the  SANS  Institute,  an  IT 
training  and  certification  or¬ 
ganization  in  Bethesda,  Md. 
“This  is  just  a  measure  of 
compliance  with  report- 
generation  [requirements].” 

The  big  problem,  ac¬ 
cording  to  Paller  and 
other  critics,  is  that  FISMA 
doesn’t  require  agencies  to 
demonstrate  that  they  have 
effectively  implemented 
the  mandated  controls.  For 
instance,  an  agency  that 
can  show  it  has  a  security 
awareness  training  program 
is  deemed  to  be  compliant 
with  that  requirement,  even 
if  no  employees  have  re¬ 
ceived  any  training. 

Ironically,  Paller  said, 
some  agencies  that  are 
trying  to  comply  with  the 


intent  of  FISMA  are  getting 
poor  grades  on  Davis’  report 
card,  while  others  that  seem 
to  view  it  merely  as  a  report¬ 
writing  process  are  receiv¬ 
ing  higher  grades. 

FISMA  “is  an  example  for 
the  textbooks,”  Paller  said, 
contending  that  the  reports 
produce  “useless  scores” 
that  are  highlighted  by  Con¬ 
gress  in  a  way  that  encour¬ 
ages  agencies  “to  deliver 
misleading  results.” 

Karen  Evans,  who  is  the 
de  facto  federal  CIO  through 
her  role  as  administrator 
of  e-government  and  IT  at 
the  White  House  Office  of 
Management  and  Budget, 
acknowledged  that  federal 
officials  want  to  make  the 
FISMA  reports  more  results- 
oriented. 

“OMB  and  [Congress] 
share  the  goal  of  moving  our 
scorecards  beyond  a  compli¬ 
ance  exercise,”  Evans  wrote 
in  an  e-mail.  She  added  that 
officials  are  looking  at  us¬ 
ing  unspecified  “additional 
factors”  to  more  accurately 
measure  how  agencies  are 
doing  on  security. 

Gartner  Inc.  analyst 
John  Pescatore  said  that 
FISMA  has  succeeded  at 
focusing  attention  on  cyber¬ 
security  issues  throughout 
the  federal  government. 

“At  least  it’s  forcing 
agencies  to  publicly  state 
how  well  they’re  doing 
with  security,”  he  noted. 
“Where  are  the  grades 
for  private  industry?” 

But  Pescatore  added 
that  the  FISMA  process 
has  become  too  “paper- 
bound”  and  is  in  need 
of  a  “major  revamp.”  For 
example,  he  said  he  would 
like  to  see  requirements  for 
continuous  vulnerability 
assessments,  such  as  those 
mandated  by  the  major  cred¬ 
it  card  companies  as  part  of 
the  Payment  Card  Industry 
Data  Security  Standard. 


The  overall  C  grade  hand¬ 
ed  out  by  Davis,  who  is  the 
ranking  minority  member 
of  the  House  Committee  on 
Oversight  and  Government 
Reform,  was  a  slight  im¬ 
provement  over  the  C-  that 
the  government  got  on  last 
year’s  report  card. 

A  staff  member  in  Davis’ 
office,  which  asked  that  the 
employee  not  be  identified, 
said  the  congressman  is 
working  to  “improve  the 
efficacy  of  the  scores  and  to 
make  sure  the  [FISMA]  proc¬ 
ess  is  measuring  what  it’s 
supposed  to  be  measuring.” 

According  to  the  staffer, 
Davis  is  drafting  legisla¬ 
tion  that  would  give  FISMA 
more  teeth.  The  goal,  he 
said,  is  to  give  agencies  in¬ 
centives  for  using  FISMA  to 
improve  their  security  while 
instituting  “firm  penalties” 
for  those  that  fail  to  do  so.  ■ 

f  MAKING  (AND 
i  NOT  MAKING) 

!  THE  GRADE 

•  Agency  for  International 
Development 

•  Department  of  Justice 

•  Environmental 
Protection  Agency 

•  National  Science 
Foundation 


•  Housing  and  Urban 
Development 

•  Social  Security 
Administration 


•  General  Services 
Administration 

•  Office  of  Personnel 
Management 


•  Department  of  Agriculture 

•  Department  of  Commerce 

•  Department  of  Defense 

•  Department  of  the  Interior 

•  Department  of  Labor 

•  Department  of 
Transportation 

•  Department  of  the 
Treasury 

•  Department  of 
Veterans  Affairs 

•  Nuclear  Regulatory 
Commission 


MAY  26,  2008  C0MPUTERW0RLD  11 


m  NEWS  ANALYSIS 


IT  Finally 
Opens  Its, 
Eyes to 
Camera 
Phones 

As  handheld  devices  with 
built-in  cameras  become 
more  and  more  prevalent, 

IT  departments  are  finding 
it  harder  to  keep  them  out  of 
the  hands  of  end  users. 

By  Matt  Hamblen 


AMERAS  ARE 
now  available 
on  nearly  all 
wireless  hand¬ 
helds,  from 
inexpensive  cell  phones  to 
high-end  smart  phones  and 
PDAs.  While  that’s  con¬ 
venient  for  end  users  who 
want  to  use  their  phones  to 
take  pictures,  it’s  putting 
pressure  on  IT  managers 
to  reconsider  corporate 
policies  banning  camera- 
equipped  devices. 

Beginning  in  2004,  when 
handhelds  with  built-in 
cameras  first  became  widely 
available,  many  companies, 
worried  about  the  potential 


security  and  pri¬ 
vacy  threats  posed 
by  the  devices,  dug 
in  their  heels  and 
insisted  that  their 
workers  continue 
to  use  models 
without  cameras. 

Four  years  later,  though, 
that  hard-line  approach  ap¬ 
pears  to  be  softening.  “Some 
companies  are  still  avoiding 
[handhelds  with  cameras], 
but  that’s  a  minority,”  said 
Gartner  Inc.  analyst  Ken 
Dulaney,  who  works  with 
many  Fortune  500  compa¬ 
nies  on  their  mobile  device 
purchases  and  policies. 

Jack  Gold,  an  analyst  at 
J.Gold  Associates  LLC,  said 
his  clients  are  also  relax¬ 
ing  their  rules.  “Most  are 
resigned  to  the  notion  that 
virtually  all  phones  include 


cameras,”  Gold  said. 

That’s  the  case  at  a  large 
U.S.  corporation  with  about 
30,000  BlackBerry  users. 
The  company  recently  lifted 
its  outright  ban  on  cameras 
for  new  device  purchases. 

“Even  the  low-end  phones 
are  coming  out  with  Blue¬ 
tooth  and  cameras,”  said  a 
senior  IT  manager  at  the 
company  who  asked  not 
to  be  identified.  But  even 
though  the  ban  was  lifted, 
that  doesn’t  mean  it’s  open 
season  on  camera  use: 

The  IT  manager  said  that 
whenever  tech  staffers  can 
use  management  tools  to  re¬ 
motely  disable  built-in  cam¬ 
eras,  they  are  doing  so. 

There  are  multiple  tools 
that  can  be  used  to  curtail 
internal  camera  use.  For 
example,  BlackBerry  maker 
Research  In  Motion  Ltd. 
offers  models  in  which  cam¬ 
eras  can  be  turned  off  via  its 
BlackBerry  Enterprise  Serv¬ 
er  software,  to  prevent  em¬ 
ployees  from  surreptitiously 
photographing  proprietary 
information  or  taking  other 
inappropriate  photos.  Micro¬ 
soft  Corp.  has  made  similar 
photo-blocking  capabilities 
available  for  devices  running 
Windows  Mobile,  via  its  Ex¬ 
change  ActiveSync  synchro¬ 
nization  technology. 

In  addition,  some  hand¬ 
helds  are  still  being  config¬ 
ured  and  sold  without  cam¬ 
eras  in  order  to  satisfy  the 
demands  of  business  buyers 
with  strict  no-camera  poli¬ 
cies.  For  example,  Verizon 
Wireless  continues  to  stock 
camera-free  devices,  such  as 
the  BlackBerry  8830,  among 
its  inventory  of  about  30 
mobile  devices  from  various 
hardware  makers. 

“Some  companies  don’t 
see  the  camera  as  an  issue, 
but  some  still  prefer  that 
employees  not  have  them,” 
a  Verizon  Wireless  spokes- 
Continued  on  page  14 


12  C0MPUTERW0RLD  MAY  26,  2008 


I 


200  COURT  STREET 


m 


-:r 


m 


m 


%S$i 


m 


m 


is; 


W$Wt 


■ 


1 


m 


WM 


m 


&c{4% 

til: 


m 


m 


•1 


v6: 


m 


mm 


; .  ■ 


'I 


k8 


■  « 


K 


I :  •. 


IS 


; 


si 


: 


'  :■■ 


3M 


i 


HI 


Si* 


It 


1 


m 


M 


:it® 


: 


ns 


. 


m 


M 


a 


ii 


% 


ill 


mm 


m 


m 


_J 


1 


i;i§ 


j?  '»T»W?C 


Are  you  controlling  your  servers,  or  are  they  controlling  you? 

It's  time  for  virtualization  from  CDW. 


$2385.99  CDW  1312425 

Sun  SAS  Internal  Hard  Drives 

•  10,000  rpm  internal  hard  drives  for  Sun  Fire  x4150  servers 

73GB  $291 .99  CDW  1312446 
146GB  $382.99 CDW  1311622 


We're  there  with  the  server  virtualization  solutions  you  need. 

It's  time  to  end  the  server  sprawl.  CDW  can  help  you  run  all  your  operating  systems  and  applications  from 
a  single  virtual  server.  Not  only  does  that  free  up  space  and  lower  costs,  it  also  reduces  IT  management. 
Our  technology  specialists  can  recommend  the  right  virtualization  solution  for  your  business.  And  our 
custom  configuration  services  will  set  up  your  technology  to  your  specifications.  So  call  CDW  today,  and 
finally  put  your  servers  in  their  place. 

CDW.com  800.399.4CDW 


Sun,  Sun  Microsystems  and  the  Sun  Logo  are  trademarks  or  registered  trademarks  of  Sun  Microsystems,  Inc.  in  the  United  States  and  other  countries.  Offer  subject  to 
COW's  standard  terms  and  conditions  of  sale,  available  at  CDW.com.  ©2008  CDW  Corporation 


.  ,  .  ■/  '■  v  V 

■  ...  : 


V 

.  . 

The  Right  Technology.  Right  Away. 


Call  CDW  for  pricing 


VMware  Infrastructure  3 


•  For  two  processors;  additional  licenses 

•  Data  center  management  and  optimization  suite  for  server  virtualization 

•  Increase  hardware  utilization  by  50%-70% 

•  Decrease  hardware  and  software  capital  costs  by  40% 

•  Improve  server-to-server  administrator  ratio  from  10:1  to  30:1 


@  Von  ware 


Standard  Edition  CDW  994692 
Enterprise  Edition  CDW  994419 


Sun  Fire  "  x4150  Rack-mount  Server 

•  Quad-Core  Intel  Xeon  Processor  E5320  (1.86GHz) 

•  Memory:  2GB  std.,  64GB  max.  (PC2-5300) 

•  Hard  drives:  none  ship  std.;  eight  SATA  disk  drive 
bays  available 

•  8MB  (2x4MB)  Level  2  Cache 


Hard  drives  sold  separately 


■  NEWS  ANALYSIS 


Continued  from  page  12 
woman  said.  She  noted 
that  companies  in  certain 
industries,  as  well  as  many 
government  agencies,  have 
retained  tough  policies  on 
devices  with  cameras. 

Gold,  who  advises  compa¬ 
nies  on  wireless  technolo¬ 
gies,  used  to  tell  his  clients 
to  buy  phones  without  cam¬ 
eras  to  avoid  security  issues. 

“However,  the  truth  is, 
most  phones  today  have  cam¬ 
eras  built  in,”  he  said.  “And 
if  you  search  for  a  good- 
featured  phone,  you  likely 
will  not  be  able  to  find  one 
without  the  camera.”  Now 
Gold  counsels  companies  to 
educate  their  users  about  the 
security  risks  of  cell  phone 
cameras  and  to  consider  re¬ 
motely  disabling  the  cameras 
instead  of  banning  them. 

One  of  the  reasons  why 
no-camera  policies  were 
adopted  was  to  prevent 
rogue  workers  from  taking 
photos  of  computer  screens 
or  of  new  products  being  de¬ 
veloped  and  then  using  the 
photos  to  compromise  their 
employers’  data  security. 

Security  guards  some¬ 
times  confiscate  the  phones 
of  visitors  if  they  suspect  the 
devices  have  cameras  built 
into  them,  or  they  take  the 
lesser  step  of  putting  tape 
over  the  cameras’  lenses. 

But  a  lens  can  be  the  size  of 
a  pinhole  and  can  be  easily 
hidden,  making  it  extremely 
hard  to  detect  cameras  in 
some  cases.  Even  confirm¬ 
ing  that  a  phone’s  camera  is 
turned  off  can  be  difficult 
because  doing  so  requires 
close  examination  of  the 
device’s  user  interface. 

Dulaney  first  wrote  about 
camera  phones  as  a  security 
threat  in  early  2004,  after 
vendors  flooded  that  year’s 
Consumer  Electronics  Show 
with  announcements  of  the 
devices.  But  he  said  then 
that  camera  bans  were  “an 


■o 


lx 

(Q. 

*  v 


Setting 

Camera 

Phone 

Policies 

■  Establish  a  clear  usage 
policy,  not  an  outright  ban. 

■  Create  clearly  marked 
“secure  zones”  where 
photography  is  forbidden. 

■  Ban  photography  of 
items  that  are  confidential 
to  your  company. 

■  Prohibit  anyone  from 
taking  pictures  of  other 
people  without  their 
permission. 

■  Insist  that  no  photos  be 
taken  in  places  where  per¬ 
sonal  privacy  is  expected. 

SOURCE:  GARTNER  INC. 

overreaction”  by  companies 
and  IT  departments,  and  his 
opinion  hasn’t  changed  over 
the  past  four  years. 

Blanket  bans  on  cameras 
are  “a  stupid  position,”  said 
Dulaney.  “If  you’re  a  spy, 
you  won’t  have  a  camera 
that  people  can  see.”  He 
added  that  having  a  camera 
on  a  handheld  device  can 
actually  be  valuable  for  em¬ 
ployees  in  some  situations 
—  even  for  surreptitiously 
photographing  crimes  be¬ 


ing  committed  in  company 
parking  lots  to  help  police 
catch  the  perpetrators. 

Many  companies  deploy 
cell  phones  with  cameras  for 
business  purposes.  For  ex¬ 
ample,  repairmen  use  them 
to  take  photos  of  defective 
parts,  and  real  estate  agents 
can  quickly  snap  photos 
of  houses  being  put  up  for 
sale.  But  Gene  Gretzer,  an 
information  management 
project  manager  at  St.  Luke’s 
Episcopal  Health  System  in 
Houston,  said  he  still  finds 
the  quality  of  camera  phone 
pictures  to  be  too  grainy  for 
any  serious  business  uses, 
other  than  as  publicity  pho¬ 
tos  on  hospital  Web  sites. 

Dulaney  recommended 
that  companies  set  up  so- 
called  secure  zones  where 
restrictions  on  camera 
phones  are  tighter  than 
they  are  elsewhere.  That 
might  mean,  say,  that  a  busi¬ 
ness  would  show  off  new 
products  only  in  a  secure 
zone  and  would  confiscate 
phones  with  cameras  before 
visitors  or  even  employees 
entered  that  area. 

“Usage  guidelines  are  far 
more  effective  than  outright 
bans,”  Dulaney  said. 

At  St.  Luke’s,  the  focus 
has  been  on  developing 
policies  against  taking  pho¬ 
tographs  instead  of  prevent¬ 
ing  users  from  obtaining 
camera  phones.  “It’s  pretty 
hard  to  draft  and  maintain  a 
policy  on  [buying]  technol¬ 
ogy  when  it  changes  so  of¬ 
ten  and  when  everyone  has 


MMost  phones  today 
have  cameras  built 
in,  and  if  you  search  for  a 

Kod-featured  phone,  you 
ely  will  not  be  able  to  find 
one  without  the  camera. 

JACK  GOLD,  ANALYST.  J.GOLD  ASSOCIATES  LLC 


a  phone  of  a  different  type 
and  uses  it  for  other  things, 
like  talking,”  Gretzer  said. 

But  regulating  use  of  the 
devices  can  be  difficult  as 
well,  he  added.  St.  Luke’s 
restricts  cell  phone  usage 
in  certain  areas  within  its 
medical  facilities  for  safety 
reasons  related  to  electro¬ 
magnetic  emissions,  but  not 
throughout  every  building. 
Outside  of  those  areas,  the  IT 
department  relies  on  workers 
to  alert  it  if  they  see  some¬ 
one  actively  using  a  camera 
phone  to  take  photos  under 
questionable  circumstances. 

The  Los  Angeles  Com¬ 
munity  College  District 
also  hasn’t  banned  camera 
phones,  although  there  are 
plenty  of  locations  where 
data  security  is  paramount, 
said  CIO  Jorge  Mata.  For 
example,  student  payment 
records  are  openly  dis¬ 
played  on  computer  moni¬ 
tors  in  the  finance  offices  of 
the  LACCD,  which  has  nine 
campuses  and  more  than 
130,000  students. 

To  limit  the  risk  that  an 
unauthorized  person  might 
pass  by  a  terminal  and  use 
a  camera  phone  to  photo¬ 
graph  sensitive  information, 
the  LACCD  has  installed 
“hundreds”  of  privacy  fil¬ 
ters  on  laptop  and  desktop 
PC  screens,  Mata  said.  The 
filters,  which  range  in  price 
from  $45  to  $200  each,  are 
designed  to  prevent  anyone 
but  the  user  sitting  in  front 
of  the  screen  from  seeing 
the  information. 

“We  don’t  want  to  risk 
privacy,”  Mata  said.  But  he 
added  that  in  general,  set¬ 
ting  usage  guidelines  for 
camera-equipped  phones 
and  then  relying  on  the 
common  sense  of  users 
makes  more  sense  to  him 
than  slapping  a  ban  on  the 
devices  does.  “Some  things,” 
he  said,  “do  not  come  down 
to  a  technology  solution.”  ■ 


14  C0MPUTERW0RLD  MAY  26,  2008 


HOT  TRENDS  ■  NEW  PRODUCT  NEWS  ■  INDUSTRY  BUZZ  BY  MARK  HALL 


ini 


KiM?  TUA6  ft#-  \ti  , 

ENERsy  PrnfMi! 


'  >  J  At 


[DoLTi 


0  j 


I  * 


Idle  Servers  Eat  Energy 

CASSATT  CORP.  is  betting  that  soaring  energy  costs  and 

increased  green  awareness  in  IT  will  make  a  new  feature  in 
Cassatt  Active  Response  data  center  management  software 
appealing.  With  the  release  of  Version  5.1  last  week,  users  of 
the  San  Jose-based  company’s  tool  will  be  able  to  set  poli¬ 
cies  to  turn  servers  off  when  the  software  detects  that  they  are  idle. 


Jay  Fry,  vice  president  of  mar¬ 
keting,  says  the  policies  are  broad 
enough  to  accommodate  virtually 
anyone’s  definition  of  idle.  And  he 
doesn’t  think  data  center  managers 
should  be  reluc¬ 
tant  to  turn  serv¬ 
ers  off.  “It’s  an 
urban  myth  that 
it’s  a  bad  thing,” 
he  contends. 

Ken  Oestreich, 
director  of  product  management, 
adds  that  it’s  not  enough  for  IT  man¬ 
agers  to  buy  power-efficient  servers 
or  rely  solely  on  server  consolidation 
to  achieve  green  goals.  “Just  because 
you  buy  energy-efficient  light  bulbs 
doesn’t  mean  you  forget  about  light 
switches,”  he  says.  Cassatt  Active 
Response  5.1  works  with  various 
types  of  management  software,  such 
as  load  balancers  and  trouble-ticket 
systems,  so  that  false  alerts  aren’t 


generated.  The  upgrade  also  sup¬ 
ports  more  server  systems’  power 
controllers,  including  Sun’s.  Pricing 
starts  at  $200  per  managed  machine. 

Dance,  Apps,  Dance! 

If  Web  services-based  applications 
dance,  it’s  a  slow  waltz,  since  choreo¬ 
graphing  the  work  among  various 
dependent  services  can  bog  down 
systems.  But  this  August,  Strange- 
loop  Networks  Inc.  in  Vancouver, 
British  Columbia,  will  release  the 
WS1000  Web  Services  Accelerator 
appliance  to  help  your  apps  pick  up 
the  tempo.  According  to  Virginia 
Balcom,  vice  president  of  market¬ 
ing,  the  device  uses  the  company’s 


Strangeloop’s  WSI000  boosts 
Web  services’  performance. 


“choreography  engine”  to  cache 
data  from  the  various  services, 
thereby  offloading  requests  from 
the  primary  systems.  Because  the 
appliance  is  tuned  for  things  such  as 
SOAP  calls,  it  can  anticipate  impend¬ 
ing  data  requests  and  prefetch  them 
to  the  cache,  further  speeding  the 
application. 

Joshua  Bixby,  senior  vice  presi¬ 
dent  of  products  and  sales,  says  the 
WS1000  watches  how  a  Web  servic¬ 
es  app  works  and  optimizes  its  per¬ 
formance  based  on  what  it  learns. 

The  WS1000  will  start  at  $30,000. 

Too  Many 
Orphans  in  IT 

Symark  International  Inc.,  which 
does  business  as  Symark  Software 
in  Agoura  Hills,  Calif.,  funded  a  sur¬ 
vey  of  managers  in  IT,  HR,  security 
and  other  areas  to  learn  just  how 
pervasive  the  problem  of  orphaned 
accounts  is. 

Very  pervasive,  it  seems. 

In  the  survey,  conducted  by  Oak 
Brook,  Ill.-based  eMediaUSA  and 
released  last  week,  27%  of  the  850- 
plus  respondents 
admitted  that  they 
had  more  than  20 
active  orphaned  ac¬ 
counts,  or  accounts 
that  weren’t  closed 
after  a  worker  or 
contractor  was  ter¬ 
minated.  Eight  per¬ 
cent  acknowledged  that  they  had  live 
accounts  for  100  or  more  ex-workers. 
More  incredibly,  15%  said  those  ac¬ 
counts  had  been  accessed  at  least 
once  since  the  person  had  left. 

Scarier  still,  42%  are  clueless.  That 
is,  they  don’t  know  how  many  or¬ 
phaned  accounts  exist  or  whether  or¬ 
phaned  accounts  are  still  being  used. 

Among  the  relatively  few  respon¬ 
dents  who  said  all  accounts  are  closed 
upon  an  individual’s  termination,  an 
amazing  12%  said  it  took  a  month  or 
longer  to  do  so. 

Ellen  Libenson,  vice  president 
of  marketing,  says  or¬ 
phaned  accounts  don’t 
get  the  attention  they 
deserve.  “Everybody 
knows  it,  but  people  are 
overextended,”  she  ex¬ 
plains.  ■ 


$98k 

Annual  savings  in 
energy  costs  for 
1,000  servers  shut 
off  25%  of  the  time, 
claims  Cassatt. 


9% 

Percentage  of 
eMediaUSA  survey 
respondents  who 
said  they  have  50 
to  99  orphaned 
accounts  on  their 
networks. 


O  MORE  BUZZ 

Discover  and  discuss 
more  industry  action  at 
the  On  the  Mark  blog: 

computerworid.com/ 

blogs/hall 


MAY  26,  2008  C0MPUTERW0RLD  15 


Dossier 

Name:  Don  Tapscott 

Title:  Chairman 

Organization:  nGenera  Innova¬ 
tion  Network 

Location:  Toronto 

Most  interesting  thing  people 
don’t  know  about  you:  “My 
Grade  3  teacher  told  my  moth¬ 
er  I’d  never  graduate  from  high 
school.” 

Favorite  technology:  His  1934 
Hammond  B3  organ 

In  high  school ...  “I  had  my 
father  as  a  French  teacher. 
Best  teacher  ever.” 

Favorite  nonwork  pastime: 

“My  band,  Men  in  Suits.  (Every¬ 
one  in  the  band  is  an  invest¬ 
ment  banker  except  me.)  On 
a  good  day,  my  24-year-old 
daughter,  Niki,  sings  lead.  But 
we  can’t  always  get  her,  as  she 
has  a  life.” 


Role  model:  Nelson  Mandela 


Social  passion:  Combatting  the 
stigma  of  mental  illness 


Write  your  own  epitaph:  “He 
endeavored  to  live  a  life  of 
integrity.”  | 

In  2006,  author  and  technology  think- 
tank  head  Don  Tapscott  teamed  up 
with  Anthony  D.  Williams  to  write 
Wikinomics:  How  Mass  Collaboration 
Changes  Everything  (Penguin  Group), 
a  hugely  successful  book  about  the 
Web  2.0  economy.  Now  Williams  and 
Tapscott,  a  former  Computerworld  col¬ 
umnist,  have  written  two  new  chapters 
that  offer  business  executives  tips  on 
how  to  embark  upon  mass  collaboration 
efforts;  the  additions  are  included  in 
a  new  version  of  the  book  that  was  re¬ 
leased  last  month. 


m  THE  GRILL 


Don  Tapscott 

The  Wikinomics  author  talks  about 

enabling  mass  collaboration,  build¬ 
ing  trust  and  understanding  why  Web 

sites  are  out  and  communities  are  in. 


In  the  book,  you  note  how  Goldcorp  used 
an  open-source-type  model  to  invite 
geologists  and  others  to  help  it  identify 
possible  locations  to  mine  for  gold.  What 
are  the  common  roadblocks  that  prevent 
other  organizations  from  embarking  on 
similar  initiatives?  The  big  one  is  that 
we  fear  what  we  don’t  know  and  under¬ 
stand.  For  any  senior  executive  to  de- 
Continued  on  page  13 


16  COMPUTERWORLD  MAY  26,  2008 


With  our  scanners,  everyone's  into  heavy  metal.  What's  different  about 
Kodak  i1200  and  i1300  Series  Scanners?  It's  what's  inside:  a  heavy-duty 
metal  paper  transport  that's  reliable  scan  after  scan.  Take  the  insider's 
online  "tour."  We'll  show  you  what  makes  these  scanners  rock. 


Kodak  i1200  &  i1300  Series  Scanners 


Kodak 


Visit  kodak.com/go/heavymetal 


©Kodak,  2008.  Kodak  is  a  trademark. 


■  THE  GRILL  I  DON  TAPSCOTT 


If  you  ap¬ 
proach  it 
as  protect¬ 
ing  your  IP  from  the 
beginning,  you’ll  end 
up  like  the  record  in¬ 
dustry  and  have  your 
business  obliterated. 


Continued  from  page  16 
cide  to  move  forward  on  this,  personal 
use  is  a  precondition.  So  unless  a  senior 
executive  decided  to  edit  a  Wikipedia 
page,  or  has  spent  time  on  Facebook 
with  their  kid,  or  has  tagged  a  photo  on 
Flickr,  they  have  no  idea  why  this  new 
Web  is  different  than  the  Web  of  the 
dot-com  era.  People  still  think  the  In¬ 
ternet  is  about  Web  sites  and  stickiness 
and  clicks  and  page  views.  But  that 
was  the  old  Internet  of  12  years  ago. 


The  other  thing  is  that  many  people 
mistakenly  believe  this  is  about  social 
networking  and  hooking  up  online,  or 
creating  a  gardening  community,  or 
putting  a  video  on  YouTube.  But  all  of 
that  is  so  2006.  This  is  a  new  mode  of 
production.  There’s  a  profound  change 
in  the  ways  that  we  orchestrate  capa¬ 
bilities  to  create  goods  and  services 
and  to  innovate.  I  don’t  think  it’s  hyper¬ 
bolic  to  say  it’s  the  biggest  change  in  a 
century  to  the  corporation. 

[But]  the  principles  of  wikinomics 
are  kind  of  counterintuitive.  This  guy 
at  Goldcorp:  The  conventional  wisdom 
is  to  work  inside  your  boundaries. 
What  he  should've  done  is  fired  his 
head  of  geology  and  gotten  better  tal¬ 
ent.  But  he  didn’t  do  that  —  he  won¬ 
dered  who  his  peers  are.  And  the  best 
submissions  [of  potential  mining  sites] 
didn’t  come  from  geologists  but  from 
mathematicians  and  consultants  and 
military  officers. 

And  he  gave  away  his  intellectual 
property.  That’s  unheard  of.  Why 
would  you  do  that?  Well,  the  market 
value  of  [Goldcorp]  went  from  $90  mil¬ 
lion  to  $10  billion,  and  a  lot  of  it  came 
down  to  trust. 

We  have  a  culture  of  control  rather 
than  a  culture  of  enablement  in  our 
companies.  We  seek  to  manage  risk 
by  being  opaque  and  by  trying  to  have 
tight  controls.  [But]  look  at  the  econo¬ 
my:  It’s  in  the  tank.  All  these  principles 
go  against  the  grain;  they  don’t  feel 
right  to  most  of  these  executives.  But 
$9  million  worth  of  research  tells  me 
these  are  the  axes  that  successful  21st- 
century  companies  will  be  built  with. 

So,  how  can  corporate  executives  work 
through  the  issues  that  you  just  cited? 

You’ve  got  80  million  young  people 
coming  into  the  workforce,  and  they, 
as  high  school  and  university  students, 
have  at  their  fingertips  more-powerful 
communications  tools  than  exist  in 
corporate  America.  They’re  itching  to 
go.  Why  not  stick  your  saddle  on  that 
horse  instead  of  pounding  your  head 
against  the  wall  with  someone  who 
thinks  that  Facebook  should  be  banned 
by  a  company?  It’s  bizarre  —  compa¬ 
nies  are  doing  the  exact  opposite  of 
what  they  should  be  doing.  It’s  remi¬ 
niscent  of  companies  banning  IM  five 
years  ago. 


How  is  mass  collaboration  playing  out  in 
the  pharmaceutical  industry,  where  com¬ 
petition  is  so  fierce?  There’s  a  lot  of  cog¬ 
nitive  dissonance  among  pharmaceuti¬ 
cal  executives.  In  the  biotechnology 
industry,  there’s  the  Human  Genome 
Project,  where  everyone  is  placing  [in¬ 
tellectual  property]  in  the  commons  so 
that  a  rising  tide  will  lift  all  boats.  But 
in  pharma,  they  have  this  huge  strug¬ 
gle  with  IP,  with  generic  drugs  and 
knockoffs.  The  industry,  by  outsourc¬ 
ing  drug  trials,  is  moving  forward  with 
sharing  IP.  But  they  haven’t  taken  the 
next  step  for  mass  collaboration.  If  you 
reach  Stage  IV  in  a  drug  trial,  what  a 
great  opportunity  to  use  the  Web  to 
see  what’s  going  on. 

Deep  down,  I  can’t  believe  that  ex¬ 
ecutives  would  be  so  thoughtless  and 
cynical  about  sharing  information. 
Why  not  have  a  different  model  so  that 
instead  of  doing  all  this  R&D  your¬ 
selves  and  producing  a  drug  and  using 
broadcast  media  to  push  it  out  into 
the  market,  you  apply  collaboration 
throughout  the  entire  process?  You  can 
share  IP  with  your  competitors,  and  ul¬ 
timately  you  tap  into  “ideagoras”  [i.e., 
a  marketplace  of  ideas].  It’s  a  great  ex¬ 
ample  of  an  industry  that  can  reinvent 
itself  using  this  model. 

To  embrace  the  notion  of  mass  collabo¬ 
ration,  what  steps  do  companies  need 
to  take  to  protect  their  own  intellectual 
property?  The  starting  point  shouldn’t 
be,  “How  do  we  protect  our  IP?”  The 
starting  point  should  be,  “How  do  we 
innovate?”  IBM  doesn’t  expect  to  own 
its  primary  operating  system,  which 
now  is  Linux.  Every  one  of  us  has  a 
mutual  fund  that  includes  a  portfolio 
of  stocks:  high-tech,  U.S.,  Asian,  etc. 
Every  company  needs  a  portfolio  of 
intellectual  property  —  some  that  it 
protects,  some  that  it  shares  within  its 
business  Web  and  some  that  it  places 
in  the  commons,  like  the  biotech  com¬ 
panies  did  around  the  Human  Genome 
Project. 

If  you  approach  it  as  protecting 
your  IP  from  the  beginning,  you’ll 
end  up  like  the  record  industry  and 
have  your  business  obliterated.  The 
industry  that  brought  you  Elvis  and  the 
Beatles  is  now  suing  its  customers  and 
collapsing. 

—  Interview  by  Thomas  Hoffman 


18  C0MPUTERW0RLD  MAY  26,  2008 


The  virtualization  solution  that  brings  Windows®  Server  2008  and  SUSE®  Linux  Enterprise  Server  together  is  here. 
And  so  is  joint  customer  support  from  Microsoft®  and  Novell®.  So  you  can  run  two,  three  or  even  four  applications 
all  on  the  same  server  with  your  choice  of  operating  system  —  and  get  more  reliability,  flexibility,  efficiency  and 
utilization  than  ever  before.  All  with  clearly  defined  intellectual  property  rights  and  no  support  headaches. 


RUN  WITH  IT  AT  MOREINTEROP.COM 


Novell.  Microsoft 


Copyright  ©  2003  Novell,  Inc,  and  Microsoft  Corporation.  All  Rights  Reserved.  Novell,  the  Novell  logo  and  SUSE  are  registered  trademarks  of  Novell,  Inc.  in  the  United  States  and 
other  countries.  ‘Linux  is  a  registered  trademark  of  Linus  Ton/aids.  Microsoft  and  Windows  Server  are  trademarks  of  the  Microsoft  group  of  companies. 


Bruce  A.  Stewart 


Taking  Control 
By  Letting  Go 

I  KNOW  OF  a  central  IT  group  that  recently  grew  eight¬ 
fold  overnight.  No,  not  through  a  merger  —  it  was  the  us¬ 
ers  turning  their  shadow  IT  groups  over  to  IT  because 
they  don’t  need  them  anymore.  All  of  this  happened  be¬ 
cause  this  central  IT  organization  got  into  the  business  of  creat¬ 
ing  tools  for  users  to  satisfy  reasonable  IT  needs  on  their  own. 


Most  of  the  IT  groups  I 
see  operate  in  command- 
and-control  mode,  born 
out  of  the  needs  for  secu¬ 
rity  and  compliance.  And 
these  needs  certainly  ex¬ 
ist!  Couple  them  with  tight 
budgets,  however,  and 
central  IT  starts  to  be  seen 
as  the  choke  point,  the 
place  where  you  can’t  get 
things  done  —  or  at  least 
not  quickly. 

That  inevitably  leads  to 
the  creation  of  shadow  IT 
groups  and  a  slew  of  users 
buying  applications  (typi¬ 
cally  as  software  as  a  ser¬ 
vice)  and  rolling  their  own 
apps  in  spreadsheets  that 
ought  to  have  more  rigor 
and  controls  than  they  do. 
In  other  words,  every  time 
a  door  is  closed,  a  way  to 
get  around  it  opens  up. 

IT  organizations  that 
open  doors  and  find  ways 
to  serve  their  users  quickly 
—  even  to  the  point  of 
turning  over  certain  types 
of  development  frame¬ 
works  to  them  —  aren’t 
giving  up.  Rather,  they’re 
being  businesslike  and 


making  themselves  the 
vendors  of  choice. 

At  one  of  my  clients,  the 
basic  materials  being  pro¬ 
vided  take  the  form  of  or¬ 
ganized  data,  implemented 
around  IT’s  desired  (but 
not  yet  achieved)  informa¬ 
tion  architecture,  and  tools 
to  get  at  it,  such  as  business 
intelligence  apps,  precoded 
queries,  and  Excel  or  Ac¬ 
cess  “receptors”  for  data 
extracts. 

IT  provides  portal  soft¬ 
ware  and  wikis  to  build 
Web-based  applications, 
and  it  has  added  widgets 
and  other  tools  for  mash- 
ups.  It  offers  advice  in  blog 
posts,  how-to  forums  and 
podcasts  that  are  really 
short  education  sessions. 
This  makes  it  easy  to  get 
small  things  done:  no 

■  When  you 
make  it  easy 
to  do  business 
with  you,  you 
get  business. 


formal  project  required, 
and  no  nonsense  about 
funding.  IT  has  also  set  up 
its  own  portal  structure, 
making  it  easy  to  get  a  new 
cell  phone,  borrow  equip¬ 
ment  for  travel  (including 
iPods  for  podcasts  on  long 
flights)  or  book  profession¬ 
al  time  with  an  IT  expert. 

When  you  make  it  easy 
to  do  business  with  you, 
you  get  business.  At  this 
company,  hundreds  of 
business-side  business 
analysts  were  doing  IT 
work,  though  they  were  in 
jobs  that  had  no  clear  route 
either  back  to  the  business 
or  deeper  into  technical 
work.  With  IT’s  change  in 
approach,  they  suddenly 
had  competition.  The  busi¬ 
ness  areas  got  out  of  the  IT 
business,  since  they  could 
get  small  things  done  fast 
without  IT,  while  the  rest 
could  go  through  proper 
channels.  The  business 
side  kept  the  most  talented 
analysts  and  turned  the 
others  over  to  central  IT, 
where  they  could  grow. 

The  CIO  also  moved  to  a 


governing  board  structure, 
to  get  input  from  business 
leaders  on  prioritization 
and  direction. 

A  lot  of  IT  still  gets  built 
out  in  the  user  areas,  but  it 
now  has  support.  The  cen¬ 
tral  group  offers  a  service 
to  audit  spreadsheets  and 
Access  databases  for  integ¬ 
rity:  Users  can  face  corpo¬ 
rate  compliance  and  audit 
on  their  own  or  have  their 
systems  checked  out  and 
approved  by  IT.  Almost  no 
one  goes  it  alone  —  and 
the  security,  integrity  and 
compliance  needs  are  met 
cooperatively. 

Meanwhile,  IT  offers  a 
lot  more  advice  upfront, 
long  before  minds  get  set. 
Vendors,  too,  are  realizing 
that  the  road  to  a  sale  runs 
through  IT,  not  the  busi¬ 
ness.  All  in  all,  a  lot  more 
gets  done,  and  a  lot  less 
trouble  emerges. 

The  CIO  funded  this 
shift  totally  from  the  base 
IT  budget  —  it  has  cost  all 
of  2%,  or  basically  the  in¬ 
novation  budget  for  a  year. 

In  a  time  of  constraints, 
opening  up  in  this  way  re¬ 
lieves  the  pressure  created 
by  projects  that  aren’t  able 
to  get  approval  anyway. 
Give  “supplier  of  choice” 
a  try;  you  might  be  sur¬ 
prised  at  how  enthusiasti¬ 
cally  users  respond.  ■ 
Bruce  A.  Stewart  is  CEO 
of  Vancouver,  British 
Columbia-based  Accendor 
Research  Inc.,  an  advisory 
services  firm  focused  on 
management  issues  in 
the  technology-enabled 
enterprise.  He  can  be 
reached  at  bruce.stewart@ 
accendor.com.  / 


t 


,  i 


20  C0MPUTERW0RLD  MAY  26,  2008 


i 


SunGard,  Setting  new  standards  for 
Information  Availability  by  delivering 
a  range  of  solutions  that  meet  your 
specific  availability  objectives.  Flexible 
enterprise  wide  solutions  from  IT 
management  to  Advanced RecoverySM. 
2,500  experts.  Three  decades  of 
experience.  100%  successful 
recovery  track  record. 

To  see  how  SunGard  can  help 
improve  your  IT  availability  stop 
by  www.availability.sungard.com 
or  call  800-871-5857  today. 


SUNGARD 

Availability  Services 


Keeping 

and  Inforraaifxoa 
Connected: 

. , .  .  tth 

680  East  Swedesford  Road,  Wayne  PA  19087 
800-468-7483  |  www.availability.sungard.conn 


■  COVER  STORY 


Nearly  seven  years  after  9/11, 
informat  on-sharing  problems 
that  hobb  e  law  enforcement  are 
just  beginning  to  be  solved. 

BY  ROBERT  L.  MITCHELL 


.S.  BORDER  PATROL 
agents  intercept  a  man 
trying  to  enter  the  U.S. 
illegally  from  Mexico. 
Unaware  that  he  is 
wanted  by  the  FBI  for 
three  murders,  they 
return  him  to  Mexico.  The  man  re¬ 
turns  to  the  U.S.  and  murders  several 
more  people  before  being  caught. 

A  team  of  investigators  works  for  20 
years  to  bring  down  an  international 
drug-trafficking  organization.  Had 
they  known  about  related  information 
in  other  law  enforcement  databases 
scattered  across  the  U.S.,  the  case 
might  have  been  closed  in  three. 

True  stories  like  these  have  high¬ 
lighted  the  critical  need  to  improve  in¬ 
formation  sharing  among  law  enforce¬ 
ment  organizations,  but  it  wasn’t  until 
the  9/11  attacks,  the  subsequent  9/11 
Commission  Report  and  a  presidential 
mandate  that  better  information  shar¬ 
ing  became  a  top  priority. 

The  initiatives  that  arose  from  that 
mandate  are  finally  beginning  to  open 
up  stovepiped  data  repositories  by 
transforming  how  law  enforcement 
agencies  at  the  federal,  state  and  local 
levels  capture,  store  and  share  data. 

The  biggest  changes  have  come 
in  two  areas:  how  law  enforcement 
identifies  bad  guys,  and  how  investiga¬ 
tors  gain  access  to  incident  reports 
documented  by  more  than  20  federal 
agencies  and  20,000  state,  county,  lo¬ 
cal  and  tribal  law  enforcement  organi¬ 
zations  nationwide.  “You’ll  be  able  to 
search  data  that  you  never  had  access 
to  before,”  says  Tom  Bush,  assistant 
director  in  the  FBI’s  Criminal  Justice 
Information  Services  (CJIS)  division. 

Most  of  the  improvements  in  data 
sharing  flow  from  the  development  of 
the  Global  Justice  XML  Data  Model, 
a  standard  that  provides  a  common 
vocabulary  and  structure  for  the  ex¬ 
change  of  data  among  law  enforcement 


Failure  to 
Communicate 


Percentage  of  police 
agencies  that  use  auto¬ 
mated  systems  to  man¬ 
age  incident  report  data. 


Percentage  of  those 
%  systems  that  are  ca¬ 
pable  of  sharing  that 
information. 


databases.  Initiated  by  the  U.S.  Depart¬ 
ment  of  Justice,  GJXDM  was  released 
in  2003.  “By  2004,  there  were  projects 
all  across  the  country  using  it,”  says 
Paul  Wormeli,  executive  director  of 
the  Integrated  Justice  Information  Sys¬ 
tem  Institute,  a  public-private  partner¬ 
ship  that  helped  develop  the  standard. 

In  2005,  CIOs  at  the  DOJ  and  the 
U.S.  Department  of  Homeland  Security 
agreed  to  build  the  National  Informa¬ 
tion  Exchange  Model  (NIEM),  an  ex¬ 
tension  of  GJXDM  that  facilitates  data 
sharing  beyond  law  enforcement  to 
the  areas  of  justice,  public  safety,  intel¬ 
ligence,  homeland  security,  and  emer¬ 
gency  and  disaster  management.  Work 
is  also  beginning  on  direct  computer- 
to-computer  data  exchanges  using  Web 
services.  “This  field  is  waking  up  to 
service-oriented  architectures,”  says 
Wormeli,  noting  that  some  reference 
architectures  are  already  in  place. 

These  standards  are  designed  to 
solve  the  problem  of  proprietary  and 
incompatible  law  enforcement  record 
management  systems  without  requir¬ 
ing  every  organization  to  throw  out 
what  they  have  and  start  over.  “The 
beauty  of  NIEM  is  that  it  preserves  the 
legacy  systems.  We’re  building  middle¬ 
ware,”  says  Wormeli. 

Most  of  the  identity  databases  at 
the  federal  level  aren’t  yet  NIEM- 
compliant,  but  agencies  are  planning 


upgrades  to  those  systems  and  have 
already  taken  steps  to  facilitate  data 
sharing.  Although  federal  agencies  use 
many  databases  for  law  enforcement, 
the  three  primary  identity  databases 
are  the  FBI’s  Integrated  Automated 
Fingerprint  ID  System  (IAFIS);  the 
DHS’s  IDENT  fingerprint  database  of 
90  million  foreign  nationals,  gathered 
from  visa  applications  and  used  at  all 
points  of  entry;  and  the  U.S.  Depart¬ 
ment  of  Defense’s  Automated  Bio¬ 
metric  Identification  System  (ABIS), 
currently  used  to  monitor  foreign  na¬ 
tionals  entering  and  leaving  U.S.  mili¬ 
tary  bases  in  Iraq  and  Afghanistan. 

IDENT,  IAFIS  and  ABIS  are  all  ca¬ 
pable  of  some  data  exchanges  by  way 
of  GJXDM  today,  but  each  is  being  re¬ 
worked  to  natively  support  the  NIEM 
standard  and  allow  data  exchanges  with 
databases  in  fields  outside  of  law  enforce¬ 
ment,  such  as  emergency  management. 
IDENT  is  in  the  process  of  being  up¬ 
dated,  and  contracts  to  develop  the  next 
generations  of  IAFIS  and  ABIS,  which 
will  add  facial  and  iris  image-recognition 
capabilities,  were  awarded  in  February. 

BROKEN  RECORDS 

The  second  half  of  law  enforcement’s 
silo  problem  is  the  inability  to  access 
incident  reports. 

Agencies  share  information  on  crim¬ 
inals  and  arrest  records  with  the  FBI, 
but  the  incident  reports,  which  detail 
the  crimes,  remain  isolated  in  thou¬ 
sands  of  federal,  state,  county  and  local 
record  management  systems.  Those 
records,  consisting  of  structured  and 
unstructured  data,  are  the  lifeblood  of 
investigations,  says  Maj.  Chris  Brown 
of  the  Oregon  State  Police. 

Although  75%  of  police  agencies 
use  automated  systems  to  store  those 
records,  less  than  25%  of  those  systems 
are  capable  of  sharing  that  informa¬ 
tion,  says  Dan  Hawkins,  director  of 
public  safety  programs  at  Search,  a 
national  consortium  of  state  agencies 
that  promotes  information  sharing. 

Regional  data-sharing  networks  have 
sprung  up  around  several  metro  areas, 
but  there  is  currently  no  way  for  inves¬ 
tigators  to  access  all  of  the  disparate 
record  management  systems  across 
the  country.  That  ability  to  “connect 
the  dots”  is  important  not  only  for  FBI 
trending  and  analysis,  but  also  for  wide- 


MAY  26, 2008  C0MPUTERW0RLD  23 


Department  of  Defense 


ABIS 

Automated  Biometric 
Identification  System 


Department  of  Justice 

-  FBI 

Criminal  Justice 
Information  Services  (CJIS) 

IAFIS 

Integrated  Automated 
Fingerprint 
Identification  System 


Contains  2.4  million  identity  records  on 
foreign  nationals.  ABIS  gathers  fingerprint  (10- 
print),  facial  and  iris  biometric  data  but  currently 
uses  only  fingerprints  for  identification. 


Next  Generation 


Identity  and  criminal  history  data  on 
55  million  people,  including  mug  shots  and  prints 
for  all  10  fingers.  Includes  a  terrorist  watch  list. 


Next  Generation 
Identification  system 


The  ABIS  update  will,  add 
palm  prints  and  allow 
identification  using  all 
ft  r  biometric  identity 
measurements,  « 


IAFIS  update  will  add 
palm,  face  and  iris 
recognition,  as  well 
as  photo-sea  hing 
capabilities. 


Department  of  Homeland  Security 

United  States  Visitor  and  Immigrant  Status 
Indicator  Technology  (US-VISIT)  program 


IDENT 

Automated  Biometric 
Identification  System 


NCIC 

National  Crime 
Information  Center 
database 


20  million  records  containing 
information  on  crime-related  “things 
and  people,”  including  violent 
gangs,  terrorist  organizations, 
stolen  property,  and  missing 
and  wanted  persons. 


Law  Enforcement 
National  Data  Exchange 

W  collect  and  corn  ate  criminal 
incident  reports,  most  of  which 
are  locked  in  thousands  of 
disconnected  federal,  state, 
local  and  tribal  law  enforcement 
agency  record  management 
systems. 


Identity  data  on  90  million  foreign 
nationals  for  identification  checks  at  U.S. 
border  checkpoints.  Includes  FBI  data  on 
4.1  million  individuals  on  the  terrorist  watch 
list.  Until  recently,  IDENT  used  two  fingerprints 
instead  of  10  and  used  a  pressed  fingerprint 
rather  than  one  obtained  by  rolling  the  fingertip 
over  a  sensor,  as  the  FBI  does.  This  made 
match-ups  with  IAFIS  and  other  databases 
difficult.  This  year,  IDENT  began  migrating  to 
the  FBI’s  10-print  standard,  easing 
interoperability  problems. 


KEY  TO  LAW 
ENFORCEMENT 
DATABASE 
STANDARDS 


|§|  =  Global  Justice  XML  Data  Model  (GJXDM)  -  An  XML-based  standard  that  defines  the  vocabulary  and  format  for 
data  exchanges  among  law  enforcement  databases.  All  of  the  databases  above  now  support  GJXDM  data  exchanges. 

=  National  Information  Exchange  Model  (NIEM)  -  The  NGI,  N-DEx  and  NGA  are  NIEM-compliant,  which  means 
that  they  meet  the  information  exchange  technical  standards  developed  by  the  DOJ's  Office  of  Justice  Programs  and 
local  law  enforcement  agencies.  Based  on  the  GJXDM,  NIEM  is  an  updated  standard  that  serves  a  broader  community 
beyond  law  enforcement.  It  promotes  cross-domain  data  sharing,  such  as  exchanges  between  law  enforcement  and 
emergency  management.  NIEM  includes  GJXDM  as  well  as  other  data  structures. 


ranging  investigations,  such  as  Brown’s 
ultimately  successful  20-year  pursuit  of 
an  international  drug  ring.  In  that  case, 
he  says,  “the  scope  of  the  organization, 
the  number  of  places  involved  and  the 
distribution  of  people  presented  an  in¬ 
credible  challenge  to  investigators.” 

So  last  March,  the  DOJ  and  the  FBI’s 
CJIS  division  began  rolling  out  the  Na¬ 
tional  Data  Exchange  initiative  (N-DEx), 
a  NIEM-compliant  database  and  data- 


sharing  network.  N-DEx  was  designed 
to  gather  and  exchange  incident  and 
case  reports,  as  well  as  arrest,  incarcera¬ 
tion  and  parole  records,  and  other  data 
with  all  NIEM-compatible  systems  in 
local,  state,  tribal  and  federal  agencies. 

Both  the  FBI  and  the  DOJ  wanted  to 
have  federated  search  capability  across 
incident  reports  residing  in  state  and 
local  record  management  systems  na¬ 
tionwide  while  allowing  those  records 


to  be  updated  and  maintained  by  their 
local  owners.  “The  locals  maintain  pos¬ 
session,  but  we  have  visibility  into  their 
sharable  information,  and  they  have 
similar  visibility  into  ours,”  said  Vance 
Hitch,  Justice  Department  CIO,  in  an 
e-mail  exchange  with  Computerworld. 

“Within  the  system,  we’ll  do  correla¬ 
tion  of  data,  pull  out  entities  [incident 
data]  and  provide  the  ability  to  search 
the  data,”  says  program  manager  Kevin . 


24  COMPUTERWORLD  MAY  26,  2008 


Reid.  Investigators  can  use  the  system 
to  make  connections  among  incidents 
that  might  help  to  identify  and  track 
down  suspects,  says  Brown. 

In  the  first  phase  of  the  $85  million 
project,  N-DEx  will  incorporate  about 
100  million  records,  including  records 
from  federal  agencies.  Initially,  records 
will  come  from  case  management 
systems  at  the  FBI  and  the  Air  Force 
Office  of  Special  Investigations,  fol¬ 
lowed  later  by  those  of  the  Bureau  of 
Alcohol,  Tobacco  and  Firearms,  the 
Drug  Enforcement  Administration,  the 
U.S.  Marshals  Service,  and  the  Bureau 
of  Prisons,  says  Reid. 

The  regional  data-sharing  networks 
are  also  being  connected.  Initial  de¬ 
ployments  include  networks  in  Dela¬ 
ware,  Oregon,  Nebraska,  Texas,  Ohio, 
San  Diego  and  Los  Angeles. 

In  this  phase,  50,000  law  enforce¬ 
ment  users  will  have  access  to  the 
N-DEx  system.  The  next  step  will  be 
to  support  Web  services  access  and 
expand  the  user  base  to  100,000,  says 
Reid.  Ultimately,  the  system  will  have 
about  200,000  users  and  contain 
250  million  records.  CJIS  plans  to  add 
tools  to  enable  investigators  to  work 
together  on  cases  that  cross  borders. 
Investigators  will  be  able  to  use  N-DEx 
to  create  virtual  regional  information¬ 
sharing  systems  and  form  joint  task 
forces  on  the  fly,  says  Reid. 

Brown  was  an  early  adopter  of  N-DEx 
and  is  a  true  believer  in  the  system.  If 
N-DEx  had  been  at  full  capacity  when 
he  was  working  his  drug  investigation, 
he  says,  “we  would  have  been  able  to  do 
this  in  two  to  three  years  instead  of  20.” 

Linda  Rosenberg,  director  of  the 
Pennsylvania  Office  of  Criminal  Justice 
Improvement,  credits  CJIS  with  doing  “a 
tremendous  job”  with  N-DEx.  The  state 
has  1,200  municipal  police  departments 
and  no  central  department  of  public 
safety,  so  tying  those  disparate  systems 
together  has  sometimes  looked  like  an 
insurmountable  challenge.  “Now  you 
don’t  have  to  go  back  and  build  these 
data  warehouses  and  totally  redo  your 
entire  infrastructure,”  Rosenberg  says. 

CHICKEN  AND  EGO 

For  the  system  to  work,  the  information 
needs  to  flow  in  both  directions.  “That’s 
the  challenge,”  says  David  Gavin,  assis¬ 
tant  chief  of  the  administration  division 


Defiant  Data 

Several  years  ago,  a  person  approached 
a  guard  at  a  nuclear  plant  and  asked  a 
series  of  suspicious  questions,  such  as 
where  he  had  obtained  his  uniform.  The 
guard  reported  that  the  person  asked  the 
questions  but  could  not  identify  him.  “How 
do  you  put  that  into  a  database  to  see  if 
someone  asked  similar  questions  at  an¬ 
other  nuclear  plant?”  asks  Paul  Wormeli, 
executive  director  of  the  Integrated  Jus¬ 
tice  Information  System  Institute. 

Better  integration  of  law  enforcement 
databases  can  help  identify  and  track  inci¬ 
dent  activity  for  known  criminals,  but  iden- 


C0VER  STORY 


tifying  terrorists  is  more  challenging.  Many 
identity  matches  are  made  on  the  basis  of 
fingerprints,  and  law  enforcement  doesn’t 
necessarily  have  fingerprints  for  known  or 
suspected  terrorists  unless  they’ve  been 
arrested  in  the  U.S.  or  have  been  picked  up 
by  the  IDENT  or  ABIS  systems. 

Not  only  is  matching  such  persons  with 
law  enforcement  identity  databases  diffi¬ 
cult;  figuring  out  how  to  identify  and  track 
possible  terrorists  raises  privacy  issues 
as  well.  Agencies  must  follow  privacy 
policies  that  determine  what  can  be  done 
with  identity  data,  how  long  it  can  be  kept 
on  file  and  when  identity  information  is 
relevant  to  an  investigation. 

-  ROBERT  L.  MITCHELL 


at  the  Texas  Department  of  Public  Safe¬ 
ty,  which  runs  a  regional  data-sharing 
network  known  as  T-DEx.  “How  do  you 
get  all  of  the  record  management  sys¬ 
tems  in  the  country  to  export  in  that 
format  so  that  they  can  participate 
and  not  just  access  [N-DEx]?” 

Regional  law  enforcement  networks 
will  want  to  tie  in,  but  connecting  mul¬ 
tiple  record-management  systems  will 
be  challenging.  To  facilitate  that,  the 
Office  of  Justice  Programs’  Community 
Oriented  Policing  Services  program  at 
the  DOJ  last  year  awarded  $159  million 
in  technology  grants,  with  one  caveat: 
Any  record  management  system  proj¬ 
ect  is  required  to  be  NIEM-compliant. 

Moreover,  several  vendors  of  record 
management  systems  have  been  map¬ 
ping  law  enforcement  agency  data 
to  the  NIEM-standard  format  free  of 
charge  in  hopes  of  getting  future  up¬ 
grade  contracts,  says  Reid. 

The  DOJ’s  objective  is  to  have  all 
20,000  agencies  online  within  three 
years,  but  Reid  is  more  optimistic.  “By 
2009, 1  think  we’ll  have  the  majority  of 
the  country  participating,”  he  says. 

That  may  be  enough  time  to  get  the 
major  regional  information-sharing 
systems  linked  up,  but  Hawkins  thinks  it 
will  take  much  longer  for  the  rest  of  law 
enforcement  community  to  follow  along. 

And  Brown  isn’t  so  sure  that  things 
will  proceed  smoothly.  Most  record 
management  systems  in  use  by  law  en¬ 
forcement  are  so  highly  customized  that 
they  often  can’t  even  share  information 
with  other  localities  using  the  same  soft¬ 
ware,  he  says.  Integration  is  expensive. 

The  federal  government  set  aside 


$85  milhon  to  complete  the  N-DEx  back¬ 
end  systems  and  allocated  nearly  twice  as 
much  in  grants  last  year  to  help  state  and 
local  agencies  update  and  connect  their 
record  management  systems.  But  state 
and  local  officials  say  the  federal  govern¬ 
ment  needs  to  spend  much  more  to  get 
everyone’s  data  connected  —  a  critical 
step  to  making  N-DEx  truly  useful. 

“I  don’t  believe  that  there  is  the  fed¬ 
eral  funding  to  make  it  happen,”  says 
Hawkins,  noting  that  the  $159  million 
in  grant  funding  last  year  went  to  just 
37  out  of  more  than  20,000  agencies 
nationwide.  Barring  a  major  increase 
in  federal  funding,  Hawkins  says  that  it 
could  be  10  years  before  the  majority  of 
agencies  are  online  with  N-DEx. 

Rosenberg  is  also  doubtful.  Despite 
the  $159  million,  “the  pot  of  money 
[from  the  DOJ]  that’s  used  by  state  and 
locals  for  information  sharing  has  been 
cut  by  two-thirds,”  she  says.  Rosenberg 
says  she  worries  that  without  more  fed¬ 
eral  dollars,  smaller  agencies  will  sim¬ 
ply  forgo  uploading  their  own  data. 

Hawkins  also  worries  about  unantic¬ 
ipated  integration  issues.  “There’s  still 
a  lot  of  testing  to  be  done  as  to  what 
NIEM-compliant  means,”  he  says. 

But  Reid  says  mapping  data  to 
GJXDM  and  validating  the  data  isn’t 
that  complicated.  “All  they  need  is  an 
XML  mapping  tool,”  he  says. 

Wormeli  sees  a  bright  future  for  data 
sharing  in  law  enforcement.  “We  have 
the  standards,  we  have  the  architectures, 
and  for  the  first  time,  the  president 
has  created  an  information-sharing 
policy,”  he  says.  “There’s  a  feeling  of 
collaboration.”  ■ 


MAY  26,  2008  C0MPUTERW0RLD  25 


ffl  IT  MENTOR 


EASY  WAYS 
TO  COMMIT 
CAREER 
SUICIDE 


26 


COMPUTERWORLD  MAY  26,  2008 


O 

h- 

o 

I 

Q. 

X 

o 

o 

t- 

W) 


Technology 
can  facilitate 
blunders, 
but  the  old- 


fashioned 
methods  still 
work,  too. 

BY  CALVIN  SUN 


BANG! 

Without  warning,  the  rifle 
discharged,  tearing  a  hole 
through  the  floorboard  of 
the  car  of  an  Army  colo¬ 
nel.  The  rifle  belonged  to  a 
young  lieutenant  who  had 
been  invited  to  go  hunting 
with  the  colonel. 

Though  no  one  was  hurt, 
the  incident  left  everyone  in 
the  car  shaken.  Worse,  the 
lieutenant  had  shot  his  own 
career  in  the  foot,  according 
to  executive  coach  Bruce 
Sillers,  who  was  a  member 
of  the  lieutenant’s  battalion 
at  the  time  of  the  incident. 

You  may  never  have  reck¬ 
lessly  discharged  a  firearm, 
but  if  you  want  to  blast  a 
hole  in  your  career,  there 
are  plenty  of  weapons  avail¬ 
able,  from  a  hair-trigger 
response  to  an  e-mail  to  a 
faux  pas  at  a  company  party. 
Here  are  five  big  no-nos  to 
watch  out  for. 

1  SENDING  INAPPRO¬ 
PRIATE  E-MAIL 

Ever  read  an  e-mail  too 
quickly  and  fire  off  an 
angry  reply,  only  to  discover 
later  that  you  had  misinter¬ 
preted  the  original  sender’s 
message?  You  end  up  not 
only  wasting  everyone’s 
time,  but  also  poisoning 
your  work  relationships 
—  perhaps  permanently. 

Before  you  reply  to  an 
e-mail  that  has  elevated 


your  blood  pressure,  ask 
yourself,  “Would  I  feel  com¬ 
fortable  explaining  my  re¬ 
sponse  on  a  witness  stand?” 
or  “Would  I  want  my  re¬ 
sponse  to  be  published  on 
the  front  page  of  The  New 
York  Times?” 

If  the  answer  is  no,  take 
time  to  cool  off.  Store  the 
message  in  a  drafts  folder 
and  review  it  later.  Are  you 
sure  this  is  what  you  want 
to  say,  especially  if  you’re 
directly  insulting  the  recipi¬ 
ent?  Could  your  words  be 
interpreted  more  negatively 
than  you  intend?  And  fi¬ 
nally,  would  you  want  this 
message  to  find  its  way  to 
your  boss  —  or  to  the  HR 
director? 

By  the  way,  don’t  count  on 
the  “Unsend”  feature  to  bail 
you  out.  It  will  fail  when  you 
need  it  most.  And  be  very 
careful  not  to  hit  Reply  All 
—  or  your  supposedly  per¬ 
sonal  conversation  could  be 
the  talk  of  the  office. 


2  PUTTING  DOWN 
CO-WORKERS 

Having  done  a  sig¬ 
nificant  amount  of 
work  for  a  particular  client, 

I  decided  one  day  to  try  to 
expand  my  presence  there. 

I  called  an  executive  in  an¬ 
other  part  of  that  organiza¬ 
tion,  introduced  myself  and 
said  that  “Carl”  (a  fictitious 
name  for  the  IT  executive 
with  whom  I  had  been 
working)  was  pleased  with 
my  work. 

That  executive  respond¬ 
ed,  “Why  should  I  care  what 
Carl  thinks?” 

Not  smart  —  especially 
when  said  to  someone  out¬ 
side  the  organization.  If  Carl 
had  heard  about  this  remark 
—  and  these  things  do  get 
around  —  it  could  have  cre¬ 
ated  a  Grand  Canyon-size 
rift  between  him  and  his 
indiscreet  co-worker.  More 
critically,  remarks  like  this  - 


damage  the  credibility  of 
the  organization. 

Here’s  another  example: 
Suppose  you’re  the  person 
to  whom  help  desk  staffers 
escalate  problems  when 
they  are  unable  to  resolve 
them.  You  find  out,  while 
talking  to  a  customer,  that 
the  staffer  she  spoke  with 
gave  her  some  really  poor 
information.  At  this  point, 
you  may  think  the  staffer  is 
an  idiot,  but  it’s  not  a  good 
idea  to  say  so. 

For  one  thing,  if  your  boss 
gets  word  that  you’re  bad- 
mouthing  your  co-workers 
to  the  customers,  you  could 
be  in  big  trouble.  Maintain¬ 
ing  a  united  company  front 
when  dealing  with  the  cus¬ 
tomer  is  a  much  better  idea. 
Resolve  any  issues  with 
your  IT  colleagues  privately. 

CONTRADICTING 
THE  BOSS 
IN  PUBLIC 

Suppose  that  your 
boss  makes  a  factual  error 
while  giving  a  presentation. 
Should  you  jump  in  and  cor¬ 
rect  the  error  immediately, 
secure  in  the  knowledge 
that  your  boss  will  thank 
you  for  underlining  the 
mistake  in  front  of  an  entire 
room  of  people? 

Um ...  no. 

Correcting  your  boss  in 
public  will  hardly  endear 
you  to  him.  More  likely,  he 
will  be  upset  at  being  made 
to  look  foolish,  and  he  may 
even  wonder  why  you  didn’t 
catch  the  error  yourself 
prior  to  the  presentation. 

When  can  you  safely 
contradict  the  boss  in  pub¬ 
lic?  I  can  think  of  only  two 
instances. 

First,  if  the  building  is  on 
fire  and  your  boss  is  point¬ 
ing  people  to  the  wrong  exit. 

Second,  if  the  boss  makes 
a  mistake  about  making  a 
mistake.  In  other  words,  if 
he  identifies  the  correct  ven- 


ON  THE 

i  BRIGHT 
SIDE 

AVOIDING  BLOOPERS 
IS  ONLY  THE  BEGINNING. 
HERE  ARE  SOME  SKILLS 
AND  CHARACTERISTICS 
THAT  YOUR  BOSS  WILL 
;  VALUE. 

|  THE  FIVE  MOST  VALUABLE 
SKILLS  IN  CURRENT 
;  IT  EMPLOYEES: 

!  1.  Working  well 
with  customers 

I  2.  Communication 

;  3.  Project  management 

;  4.  Strategic  thinking 

1  5.  Application 
development 

j  THE  FIVE  MOST  SOUGHT- 
!  AFTER  CHARACTERISTICS 
!  IN  AN  UP-AND-COMING 
i  IT  LEADER: 

1.  Knowledge  of 
the  business 

;  2.  Communication  skills 

;  3.  Technical  knowledge 

!  4.  A  record  of  innovation 

5.  A  career  history  in 
the  industry 

m*  m.  ~  m,  m,  S 

SOURCE:  COMPUTERWORLD  INTERNET  POLL 
OF  139  IT  LEADERS.  JANU ARY-FEBRUARY  2007 

dor  for  your  off-site  backup, 
then  mistakenly  says, 

“Sorry,  that  was  wrong,” 
you  absolutely  may  say,  “No 
boss,  you  were  right  to  be¬ 
gin  with.” 

Otherwise,  exercise  ex¬ 
treme  discretion  when  your 
boss  misspeaks  in  public.  If 
the  matter  is  truly  important 
(for  example,  the  CIO  gives 
the  wrong  go-live  date  for 
your  SAP  project),  approach 
him  during  a  break  and  qui¬ 
etly  mention  the  mistake. 

A  smart  and  gracious  CIO, 
upon  resumption  of  the  ses¬ 


sion,  will  identify  the  error, 
apologize  and  credit  you 
with  the  correction. 

COMMITTING 
SOCIAL  BLUN¬ 
DERS  AT  A  COM¬ 
PANY  EVENT 

Staff  misbehavior  at  office 
parties  has  been  a  cliche 
at  least  since  the  1950s,  but 
that  doesn’t  mean  people 
still  don’t  make  fools  of 
themselves.  Don  Micha¬ 
lak,  co-author  of  Making 
the  Training  Process  Work 
(Writers  Club  Press,  2001) 
and  a  consultant  for  compa¬ 
nies  such  as  Ford  Motor  Co., 
KPMG  International  and 
Marsh  &  McLennan  Co., 
stresses  that  such  functions 
are  not  purely  social  events. 
“Don’t  do  anything  you 
wouldn’t  do  at  the  office  or 
at  a  client’s  office,”  he  says. 

Don’t  park  at  the  shrimp 
cocktail  table  or  pig  out  at 
the  buffet.  And  if  alcohol  is 
being  served,  be  careful.  You 
know  what  can  happen  when 
a  person  drinks  too  much. 

If  you  bring  a  guest,  warn 
him  to  watch  what  he  says. 
You  don’t  want  your  guest 
to  introduce  himself  to  the 
boss  and  say,  for  example, 
“Oh,  you’re  not  as  bald  as  I’d 
heard  you  were!” 

BURNING 
BRIDGES  WHEN 
YOU  RESIGN 

Many  of  us  fanta¬ 
size  about  telling  off  the 
boss  when  we  quit  a  job. 

But  before  you  let  loose, 
think  twice.  Remember  the 
’90s  Internet  bubble?  Many 
IT  people  left  traditional 
companies  with  visions  of 
pulling  in  millions  from 
start-ups,  only  to  be  rudely 
surprised  when  their  new 
companies  went  under. 
Those  who  left  on  good 
terms  with  their  former  em¬ 
ployers  had  a  better  chance 
of  being  rehired. 


Christian  Bass  is  a  firm 
believer  in  maintaining 
good  relationships  with 
previous  employers.  Until 
2006,  Bass  served  as  direc¬ 
tor  of  academic  technologies 
at  George  Washington  Uni¬ 
versity.  After  leaving  GWU, 
he  eventually  formed  his 
own  company,  Successant 
LLC.  He  recently  negotiated 
a  consulting  contract  with 
—  you  guessed  it  —  his  old 
boss  at  GWU. 

Discussing  his  GWU 
resignation,  Bass  stresses 
the  importance  of  leaving 
with  a  good  reputation  and  a 
record  of  solid  accomplish¬ 
ments.  He  says  he  empha¬ 
sized  that  he  was  leaving  for 
positive  rather  than  negative 
reasons.  “If  something  was 
bothering  me  at  work,”  he 
says,  “I  resolved  it  rather 
than  letting  it  be  the  factor 
that  led  me  to  leave.” 

So  when  you  leave,  be 
gracious.  Stress  the  advan¬ 
tages  of  the  new  job,  not 
the  shortcomings  of  the 
current  one.  Find  reasons  to 
be  grateful  to  have  worked 
at  the  latter,  but  be  sincere 
and  don’t  make  things  up.  If 
you  learned  something  from 
your  boss  or  co-workers,  let 
them  know. 

Even  if  you  had  difficul¬ 
ties  with  someone,  you 
still  could  say,  “Thanks  for 
teaching  me  how  to  bench¬ 
mark  an  Active  Directory 
environment.”  Leaving  on 
good  terms  can  only  help 
you  if  you  encounter  these 
folks  later. 

Keep  your  career  alive 
and  well  by  using  common 
sense  to  avoid  these  deadly 
slip-ups.  ■ 

www.calvinsun.com. 


MAY  26,  2008  COMPUTERWORLD  27 


■  SECURITY  |  BOOK  EXCERPT 


ZERO 

DAY 

THREAT 


h*  BhOCkln!,  Truth  of 

HO“'  r,  Crtfljt- 

nur'““t  H,M0 

: 

.  Mor,"v  «n„ 


I  , .. 


staff 


ON  JAN.  15,  2002, 
Microsoft  Corp. 
Chairman  Bill 
Gates  issued  a 
jaw-dropping 

memo  with  the  subject  line  “Trust¬ 
worthy  Computing.”  To  stem  rising 
hacker  attacks,  Gates  ordered 
all  Windows  development  halted 
and  directed  his  company’s  full 
attention  to  shoring  up  security. 

Microsoft  has  since  poured  vast 
resources  into  making  Windows 
PCs  more  secure.  And  yet  the  risk 
of  having  your  PC  compromised 
and  your  sensitive  data  used  in 
scams  has  never  been  greater,  ac¬ 
cording  to  a  new  book,  Zero  Day 
Threat:  The  Shocking  Truth  of 
How  Banks  and  Credit  Bureaus 
Help  Cyber  Crooks  Steal  Your 
Money  and  Identity  (Sterling 
Publishing,  2008),  by  USA  Today 
technology  reporters  Byron  Aco- 
hido  and  Jon  Swartz.  The  authors 
point  to  a  confluence  of  factors 
increasing  the  danger:  a  bank¬ 
ing  system  built  for  speed;  a  tech 
industry  enamored  with  commer¬ 
cializing  the  Internet;  consumers 
hooked  on  convenience.  In  these 
edited  excerpts,  Acohido  and 
Swartz  convey  Gates’  acknowl¬ 
edgment  of  the  problem. 


the  boat  on  cybercrime 


COMMAND  PERFORMANCE 

Bill  Gates  seemed  weary  and  dis¬ 
engaged.  He  had  just  co-delivered 
a  keynote  address  to  about  3,000 
tech-security  executives,  analysts 
and  researchers  at  San  Francisco’s 
Moscone  Center  and  was  sitting  in  a 
vast  room  behind  the  stage  waiting 
to  do  a  requisite  one-on-one  inter¬ 
view  with  one  of  the  authors. 

The  Feb.  6, 2007,  speech  was 
billed  as  Gates’s  final  command 
performance  at  the  giant  RSA  Con¬ 
ference,  the  tech-security  industry’s 
premier  convention,  held  early  each 
year.  At  his  first  RSA  keynote,  de¬ 
livered  in  2004,  Gates  had  a  good 
story  to  tell.  It  had  been  two  years 
since  he  had  issued  his  Trustwor¬ 
thy  Computing  edict,  ordering  his 
troops  to  alter  their  features-first 


worldview  and  make  security  their 
new  religion.  Microsoft  developers 
at  the  time  were  in  the  home  stretch 
of  hammering  together  Windows  XP 
Service  Pack  2,  which  would  make 
the  use  of  personal  firewalls  and 
automatic  patching  standard  prac¬ 
tice  for  most  home  computer  users. 

Now  here  he  was,  five  years  into 
Trustworthy  Computing,  with 
Windows  Vista,  the  first  Microsoft 
desktop  operating  system  with  se¬ 
curity  accounted  for  in  every  major 
component,  freshly  delivered  to 
store  shelves. 

EVANGELIZING  SECURITY 

Microsoft  now  had  a  more  well- 
rounded  security  story  to  tell.  And 
tell  the  story  it  did.  Beginning  in 

Continued  on  page  30 


28  C0MPUTERW0RLD  MAY  26,  2008 


'  •  y*!l 

•  •  •>•.••  S-SUsi' 


SonicWALL  ZP 


WISHING  FOR  SECURE  REMOTE  ACCESS  CONTROL? 
GRANTED 


■  [  »  S66iiftWftLL,  inc,  SonicVVALL,  the  SonicWALL  logo  and  Pr0t®  Ion  at  the  Speed  of  Busini  s  rec  d  titaderflart 


71 

L?_i 


SECURE 

(U  MOTE  ACCESS  ' 


PROTECTION  AT  1  IE  SPEED  OF  BUSINESS 


SONi  WALL 


SO  MUCH  FOR  THE  STATUS  QUO. 


Existing  enterprise-class  remote  access  and 
SSL  VPN  solutions  fall  short — especially  when 
it  comes  to  granular  endpoint  control,  the  types 
of  devices  they  can  accommodate,  or  the  ease 
of  administering  security  policies.  Even  worse, 
these  solutions  can  be  si  sceptible  to  vulnerable 
connections— actually  serving  as  conduits 
for  malicious  code  or  non-compliance.  The 
SonicWALL  Aventail  E  Class  SSL  VPN  solution 
establishes,  manages,  and  enforces  granular 
application  access  policies  for  external  and 
internal  users  using  all  types  of  endpoints 
including  laptops,  smart  hones,  or  other 
devices.  The  E-Class  SSL  VPN  EX-2500. 
EX-1600  and  EX-750  provide  comprehensive 
into  rogation  at  d  r  mediation,  establishing  trust 
before  access  is  granted.  The  E-Class  SSL  VPN 
solution  is  compatible  across  a  broad  range  of 
platforms  and  OS  types.  When  a  SonicWALL 
Network  Security  Appliance  is  used  with  an 
E-Class  SSL  VPN,  the  combined  functionality 
uses  deep  packet  inspection  along  with  granular 
access  controls  to  contaminate  traffic  and 
to  allow  authorized  application  access  from 
any  remote  device.  This  combined  solution 
blocks  malicious  code  or  any  type  of 
unauthorized  access.  Learn  more  about 
SonicWALL’s  E  C  ss  SSL  VPN  solutions 
at  www.sonicwalt.com/dandelion  or  call 
1.888.  /.6642. 


a  SECURITY  |  BOOK  EXCERPT 


Continued  from  page  28 
the  summer  of  2006,  a  crack 
team  of  Vista  “evangelists” 
—  the  product  managers 
and  marketing  specialists 
assigned  to  wine  and  dine 
researchers,  analysts  and 
reporters  at  conferences 
and  other  events  —  began 
spreading  the  SDL  gospel. 
SDL  stood  for  Security 
Development  Lifecycle,  a 
process  for  meticulously 
rooting  out  coding  errors 
and  security  holes  through¬ 
out  the  development  of  a 
new  software  product. 

Given  the  timing  of  his 
swan-song  appearance  at 
RSA,  Gates  had  the  perfect 
pulpit  to  drive  home  the 
message  his  SDL  disciples 
had  delivered  to  many  of  the 
people  seated  in  Moscone 
Center’s  main  hall.  But 
Gates’  focus  appeared  to  be 
elsewhere.  Several  months 
earlier,  he  had  announced 
his  intent  to  retire  in  mid- 
2008  to  turn  his  attention  to 
eradicating  disease  in  Third 
World  nations. 

Before  he  could  reinvent 
himself  as  a  full-time  phil¬ 
anthropist,  he  was  obligated 
to  sign  off  on  Trustworthy 
Computing  as  a  success  — 
at  least  on  his  watch  —  and 
formally  turn  over  the  secu¬ 
rity  reins  to  Craig  Mundie, 
Microsoft’s  chief  research 
and  strategy  officer. 

For  his  final  RSA  keynote, 
Gates  chose  to  share  the 
stage  with  Mundie,  credit¬ 
ing  him  as  “the  one  who 
motivated  me  to  send  that 
memo  around.” 

Sitting  on  a  couch  back- 
stage  after  the  keynote, 
Gates  looked  haggard. 

The  reporter  gave  him  an¬ 
other  chance  to  hype  Vista: 
“Bill,  the  rate  of  threat  muta¬ 
tion  has  never  been  higher, 
and  cyberintruders  are 
more  organized  than  ever, 
using  ever-more  stealthy, 
targeted  attacks.  That  said, 


how  far  can  Microsoft’s  SDL 
products  go  toward  stem¬ 
ming  the  wider  security 
problem?” 

BAND-AID  SOLUTION 

Gates  looked  up,  glared  an¬ 
grily  at  the  reporter  and  said 
he  didn’t  understand  the 
question.  After  a  few  more 
awkward  exchanges,  Gates 
took  a  swig  from  the  can 
of  Diet  Coke  his  handlers 
invariably  kept  within  his 
reach.  The  jolt  of  caffeine 
appeared  to  fire  his  synaps¬ 
es  and  perk  him  up. 

During  the  45-minute  in¬ 
terview  that  ensued,  Gates 
pointed  out  breakthrough 
security  features  in  Vista. 
Warming  to  the  interview, 
Gates  opined  that  “computer 


security  is  100  times  better 
today  than  in  2002.  But 
there  has  been  an  evolution 
in  spam  and  phishing,  and 
you  can’t  apply  Band-Aids  to 
the  problem.” 

SDL,  Microsoft’s  blueprint 
for  developing  more-secure 
software,  was  a  lot  more 
than  a  Band-Aid,  of  course. 
SDL  forced  Microsoft’s  de¬ 
signers  and  developers  to 
address  the  reality  that  any 
software  program  touching 
the  Internet  can  be  attacked 
through  the  Internet.  Still, 
SDL  was  no  panacea. 

John  Pescatore,  longtime 
tech-security  analyst  at 
Gartner,  singled  out  a  major 
shortcoming:  Microsoft 
designed  SDL  to  strengthen 
old-style  software  programs 
sold  in  shrink-wrapped 
boxes,  programs  that  typi¬ 
cally  spent  years  in  the  de¬ 


velopment  lab.  It  did  very 
little  to  improve  security  of 
Web  2.0  software  typically 
developed  on  the  fly  and  de¬ 
ployed  quickly  as  a  service 
over  the  Internet. 

EXTREME  CAUTION 

By  the  close  of  2006  and 
the  start  of  2007,  a  select 
group  of  cybercriminals  had 
begun  sending  out  e-mail 
messages  to  workers  at  cer¬ 
tain  government  agencies 
and  large  corporations.  The 
e-mails  contained  corrupted 
Word,  Excel,  PowerPoint 
and  Outlook  files  as  attach¬ 
ments.  These  were  zero-day 
attacks.  No  patches  were  on 
Microsoft’s  radar. 

The  e-mail  messages  were 
carefully  crafted  to  look  like 


they  came  from  a  co-worker 
or  an  acquaintance.  Once 
the  recipient  clicked  on  the 
corrupted  Office  file,  a  back 
door  loaded  onto  the  ma¬ 
chine.  The  intruder  now  had 
access  to  install  a  rootkit 
cloaking  mechanism,  along 
with  tools  to  monitor  traffic 
for  clues  on  the  best  ways  to 
drill  deeper  and  stealthily 
infect  other  PCs  inside  the 
organization’s  intranet.  The 
ultimate  goal:  harvest  sensi¬ 
tive  data. 

Five  years  into  Trustwor¬ 
thy  Computing,  with  Office 
zero-day  attacks  on  the  rise, 
Microsoft  was  compelled 
to  issue  Security  Advisory 
933052  notifying  its  custom¬ 
ers  that  even  documents 
appearing  to  arrive  from 
trusted  contacts  may  not  be 
entirely  trustworthy: 

“As  a  best  practice,  us- 


Compared  to  trying  to  put  the 
cybercrime  genie  back  into  the  bottle, 
stamping  out  major  diseases  in  Third 
World  nations  might  seem  a  snap. 


ers  should  always  exercise 
extreme  caution  when  open¬ 
ing  unsolicited  attachments 
from  both  known  and  un¬ 
known  sources.” 

SUPERIOR  WEAPONRY 

With  attacks  multiplying, 
Russian  cybercrime  lords 
enriching  themselves,  and 
Chinese  cyberspies  roam¬ 
ing  wild,  Gates  unburdened 
himself  of  a  heavy  load  at 
RSA  2007.  Compared  to  try¬ 
ing  to  put  the  cybercrime 
genie  back  into  the  bottle, 
stamping  out  major  diseases 
in  Third  World  nations 
might  seem  a  snap. 

The  fight  to  keep  cyber¬ 
thieves  and  cyberspies  from 
rendering  Microsoft’s  prod¬ 
ucts  untrustworthy  now  fell 
to  Craig  Mundie.  Internet 
security,  Mundie  observed, 
was  based  on  a  fortress 
mentality.  Defense  systems 
protecting  key  parts  of 
the  Internet  were  akin  to 
moated  castles  from  which 
valuable  assets  could  evapo¬ 
rate  into  the  air  or  seep  out 
through  tunnels  under  the 
walls.  And  to  make  matters 
worse,  these  castles  had 
come  under  siege  by  an 
enemy  with  superior 
weaponry. 

“It’s  sort  of  like  we’ve 
been  in  the  medieval  age  of 
computer  networking  and 
access.  And  we  say,  you 
know,  we  just  have  to  build 
more  and  more  fortress¬ 
like  protections,”  says 
Mundie.  “So  we  build  thick¬ 
er  walls,  higher  turrets,  put 
moats  out  in  front,  bigger 
drawbridges.  And  what  we 
didn’t  really  see  coming  yet 
is  essentially  the  airplane 
and  the  air-to-surface 
missile.”  ■ 

Adapted  with  permission  of 
Sterling  Publishing  Co.,  from 
Zero  Day  Threat,  by  Byron 
Acohido  and  Jon  Swartz. 
Copyright  ©  2008  by  Byron 
Acohido  and  JonSwartz. 


30  C0MPUTERW0RLD  MAY  26,  2008 


Congratulations 


to  Our  Finalists! 


COMPUTERWORLD 


MOBILES  WIRELESS  WORLD 


Best  Practices 

IN  MOBILE  &  WIRELESS 


AWARDS  PROGRAM 


The  “Best  Practices  in  Mobile  &  Wireless”  award 
recipients  will  be  honored  Tuesday,  June  10th  at  the 
6th  annual  Mobile  &  Wireless  World  conference  in 
Miami,  Florida. 


This  program  honors  IT  user  “best  practice”  case  studies 
selected  from  a  field  of  qualified  finalists. 


We’d  like  to  thank  our 66  Best 
Practiees  in  Mobile  &  Wireless” 
Judges  for  2008: 

•  Timothy  Cox,  OnStar 

•  Mark  Dulle,  Dorfman  Pacific 

•  David  Dully,  Baptist  Health 

•  Thomas  Gagne,  Continental  Airlines,  Inc. 

•  Sheng  Guo,  New  York  State  Unified 
Court  System 

•  Matthew  Hamblen,  Computerworid 

•  Randall  Headrick,  Air  National  Guard 

•  Julia  King,  Computerworid 

•  George  Pollack,  Wound  Technology 


I 


*  Financial  return  and  measurable  payback 
(returns  on  investment,  assets,  resources) 
through  created/protected  revenue 
opportunities  or  cost  savings.  Vtf’f 


Addresses  challenges  of  data,  information 
and  application  security,  etc. 


m  SECURITY  MANAGER’S  JOURNAL  C.J.  KELLY 


Getting  an  F  and 
Turning  It  Into  Fun 

An  audit  shows  a  need  for  more  effective 

security-awareness  training.  But  how  can 
it  be  both  cheap  and  entertaining? 


IT’S  NEVER  fun  to 
get  an  F,  but  fun  is 
what  I  decided  we 
needed  to  inject  into 
our  training  when 
that  was  the  grade  we  got 
in  one  aspect  of  our  recent 
security  assessment. 

The  F  came  about 
through  a  social  engineer¬ 
ing  exercise.  The  consul¬ 
tant  who  was  hired  to  do 
the  agency’s  audit  was 
given  an  office  in  our  head¬ 
quarters  and  a  desk  phone 
that  was  programmed  to 
display  “IT  consultant”  on 
Caller  ID.  Then  I  gave  him 
a  list  of  phone  numbers  for 
all  the  agency  employees 
throughout  the  state. 

Making  calls  at  random, 
the  consultant  introduced 
himself,  mentioning  the 
name  of  his  company.  He 
then  explained  that  he  was 
working  for  me  and  look¬ 
ing  at  the  security  controls 
around  our  information 
systems.  He  just  needed  the 
employee  to  tell  him  her 
username  and  password,  he 
explained,  so  he  could  get 
on  with  his  investigations. 

In  nearly  every  case, 
dropping  my  name  was  all 
it  took  for  him  to  get  the 
employees  to  reveal  all. 
Those  susceptible  to  this 


ploy  included  a  manager 
who  considers  himself  to 
be  particularly  IT-savvy. 
(That  was  the  one  call 
that  wasn’t  random,  since 
I  suggested  that  the  con¬ 
sultant  give  him  a  try.) 

The  manager  said  he  was 
too  busy  to  help  out,  so  he 
instead  offered  the  names 
and  phone  numbers  of  his 
direct  reports.  In  effect,  he 
gave  the  consultant  more 
ammunition,  since  he  now 
could  drop  this  manager’s 
name  as  well  when  calling 
his  direct  reports. 

The  IT  staff  had  been 
alerted  to  this  exercise  so 
that  they  could  mop  up  by 
changing  passwords  every 
time  an  account  was  com¬ 
promised.  However,  they 
hadn’t  expected  to  spend 
so  much  time  changing 
so  many  passwords.  The 
consultant’s  success  rate 
was  amazing. 

But  no  one  was  as  sur¬ 
prised  as  me.  We  do  se¬ 
curity  awareness  training 
annually,  and  every  new 
employee  gets  security 

■  It  was  amazing 
how  many  employ¬ 
ees  were  willing  to 
reveal  passwords. 


training.  Obviously,  we  are 
not  getting  through. 

Since  the  assessment 
results  were  going  to  go 
up  the  chain  of  command, 

I  needed  to  be  prepared 
with  mitigation  plans. 

Part  of  the  problem,  I 
knew,  was  that  our  secu¬ 
rity  awareness  program  is 
static  and  uninteresting.  I 
firmly  believe  that  train¬ 
ing  needs  to  be  fun  and 
interesting  to  be  effective, 
but  as  with  so  many  other 
things,  a  lack  of  resources 
was  an  impediment.  I 
had  bought  a  series  of  se¬ 
curity  awareness  films  that 
I  wanted  to  deploy  over 
the  agency  intranet,  but  IT 
hadn’t  been  able  to  accom¬ 
modate  my  request. 

A  MOVIE  DATE 

Now,  with  that  F  star¬ 
ing  me  in  the  face,  I  was 
motivated  to  find  alterna¬ 
tives.  Suddenly,  a  low-tech 
option  became  more  ap¬ 
pealing.  Those  films  were 
gathering  dust  on  the  shelf. 
Why  not  roll  them  out, 
not  on  the  intranet  as  I’d 
originally  envisioned,  but 
through  in-office  screen¬ 
ings  around  the  state? 

To  make  it  fun,  I  would 
provide  popcorn  and  soda. 


Trouble 

Ticket 

AT  ISSUE:  Employees 
gave  up  usernames  and 
passwords  to  a  stranger 
with  careless  ease. 

ACTION  PLAN:  Make 

security  awareness 
training  more  memorable 
by  making  it  more  fun. 


But  how  could  I  reach  all 
the  agency  offices  spread 
out  over  the  state?  Video- 
conferencing,  that’s  how. 

The  videoconferenced 
screening  is  certainly  go¬ 
ing  to  take  more  of  my 
time  than  the  intranet 
option  would  have.  I  have 
to  schedule  the  event,  mar¬ 
ket  it  with  flair,  buy  the 
snacks  and  be  on  hand  for 
a  Q&A  afterward.  But  this 
approach  may  be  more  ef¬ 
fective  than  the  intranet  op¬ 
tion,  because  we  will  be  as¬ 
sured  of  more  participation 
—  and  it  will  be  more  fun. 

Now  I’m  thinking  that 
this  approach  might  work 
for  other  agencies  in 
our  department  too.  We 
regularly  videoconference 
with  them,  so  it  would  be 
easy  to  get  the  films  into 
their  offices.  And  when 
I  purchased  the  films,  I 
made  sure  that  we  had  a 
network-based 
license  that 
could  accommo 
date  the  entire 
department. 

Again,  we’re 
talking  about 
cutting  into  more  of  my 
time.  But  at  least  this  proj¬ 
ect  is  shaping  up  as  some¬ 
thing  that  could  be  a  lot  of 
fun.  And  the  more  fun  it  is, 
the  greater  the  payback.  ■ 
This  week’s  journal  is  writ¬ 
ten  by  a  real  security  man¬ 
ager,  “C.  J.  Kelly,”  whose 
name  and  employer  have 
been  disguised  for  obvious 
reasons.  Contact  her  at 
mscjkelly@yahoo.com. 


OJOIN  in 

To  join  in  the  discussions 
about  security,  go  to 

■  computarworid.com/ 
blogs/sacurity 


32  COMPUTERWORLD  MAY  26, 2008 


Optimizing  Your 

Green  IT  Strategy 

;  ' 

Computerworld’s  Green  IT  Symposium 

September  17-18, 2008  •  Gaylord  National  Resort  and  Convention  Center 
Washington,  DC 

Attend  the  Green  IT  Symposium  and  learn  howto:  m 

•  Find  out  why  80%  IT  executives  say  green  IT  is  important  to  their  organization 

•  Network  with  world-class  IT  leaders  who  have  developed  a  green  IT  game  plan 

•  Understand  how  this  pervasive  topic  is  affecting  IT  organizations  like  yours 

•  Participate  in  the  inaugural  "Green  IT  Awards"  honoring  early  adopters 
and  industry  leaders 

Topic  areas  include: 

•  Developing  a  Green  Enterprise  Game  Plan 

. 

•  R  ducing  IT  Power  Consumption  and  Environmental  Danger 

•  Understanding  the  Regulatory/Compliance  Landscape 

•  Findi  g  ROI  in  jr  sen  IT  Dractices 


For  complete  details,  or  to  register: 
www.greenitsymposium.com/cwad 


COMPUTERWORLD 

GREEK  IT  SYMPOSIUM 


vjfmm  • 

. 


- 

'»•  '(.<.■  *’;■'>  , 

,  V  4-  ' 

(■ 


■  *!>.} 


m  OPINION 

Paul  M.  Ingevaldson 

The  Traveling  CIO 


AS  CIOs  begin  to  log  significant  international 
miles,  I  thought  I  would  help  you  answer  that 
ever-present  question,  “How  many  countries  have 
you  been  to?” 


This  is  not  an  easy 
question  to  answer  be¬ 
cause  it’s  complicated  by 
many  shades  of  mean¬ 
ing.  How  do  you  define 
“country”?  Do  territories 
count?  What  about  Hong 
Kong?  Is  an  emirate  a 
country?  Is  the  U.K.  a 
single  country? 

And  then,  how  do  you 
define  “been  to”? 

When  I  was  running 
our  international  divi¬ 
sion,  we  decided  to  estab¬ 
lish  some  rules  on  how  to 
count  countries.  Since  I 
was  in  charge,  I  decided 
to  make  this  the  only 
dictatorial  portion  of  my 
job.  I  would  listen  to  any 
appeal,  but  my  decision 
was  final. 

Often,  I  was  accused  of 
making  decisions  based 
on  my  own  experiences, 
but  that  is  totally  bogus. 

The  first  question  that 
has  to  be  considered  is 
the  definition  of  a  coun¬ 
try.  The  U.N.  lists  192 
members,  but  it  doesn’t 
include  Vatican  City, 
Kosovo  and  Taiwan.  The 
U.S.  State  Department 
counts  194  countries, 
with  Taiwan  the  lone 


exception.  In  addition, 
there  are  many  territories 
that  are  not  officially  con¬ 
sidered  countries,  such  as 
Guam  and  Bermuda. 

For  our  nonpolitical 
purposes,  we  will  count 
195  nations  and  all  non¬ 
contiguous  territories  as 
countries.  In  addition, 
there  are  several  special 
situations  that  I  have  ad¬ 
dressed. 

So,  here  are  my  rules. 
Of  course,  I’m  retired 
now,  so  with  someone 
else  in  charge,  they  prob¬ 
ably  have  changed. 

1.  You  must  leave  the 
airport*  in  order  to  count 
the  country.  One  excep¬ 
tion  to  this  is  if  you  stay 
in  the  airport  hotel  over¬ 
night.  In  that  case,  you 
may  count  the  country.  A 
quick  trip  in  a  taxi  just  to 
count  a  country  violates 
the  spirit  of  the  process 
and  will  not  count. 

*The  hijacking  corollary: 

■  You  can’t  count 
a  country  if  you 
travel  across  it  by 
airplane,  balloon 
or  dirigible. 


If  you  are  the  unfortu¬ 
nate  victim  of  a  hijack¬ 
ing,  you  get  the  hijacking 
bonus:  Any  airport  that 
you  stop  at  counts  as  a 
country  visited. 

2.  You  can’t  count  a 
country  if  it  was  not  a 
country  when  you  visited  it. 
So  pre-2008  Kosovo,  for 
example,  doesn’t  count. 

3.  You  can  count  a 
country  if  it  was  a  country 
when  you  visited,  even 
though  it  is  no  longer  a 
country,  e.g.,  Hong  Kong, 
the  USSR. 

4.  You  can  count  a  coun¬ 
try  if  you  take  a  train  or 
car  through  it,  even  if  you 
never  leave  the  vehicle, 
e.g.,  an  auto  trip  through 
Monaco. 

5.  You  can’t  count  a 
country  if  you  travel  across 
it  by  airplane,  balloon,  di¬ 
rigible  or  other  airborne 
conveyance. 

6.  If  you  take  a  ride  from 
the  airport  into  the  city 
center,  you  may  count  the 
country,  even  if  you  don’t 
stay  overnight. 

7.  You  must  be  ex-utero 
(outside  the  womb)  to 
count  the  country.  And  if 
you  were,  you  may  count 


it  even  though  you  have 
no  memory  of  the  visit. 

SPECIAL  SITUATIONS: 

8.  Scotland,  Wales, 
Northern  Ireland  and 
England  are  considered 
countries,  as  are  the  Pal¬ 
estinian  territories  and 
Gibraltar. 

9.  The  United  Arab  Emir¬ 
ates  is  a  single  country 

with  six  emirates.  Ant¬ 
arctica  is  considered  a 
country  even  though  it  is 
a  continent. 

10.  Islands  around  the 
world  have  special  relation¬ 
ships  with  various  coun¬ 
tries.  Some  are  obviously 
part  of  a  country,  such  as 
Bali  and  Hawaii.  Others 
are  considered  separate 
countries,  e.g.,  Green¬ 
land,  Puerto  Rico  and 
French  Polynesia. 

I’m  sure  there  will  be 
some  disagreement.  I’ll 
listen,  but  be  ready  to 
have  your  argument  re¬ 
jected.  This  is  a  tough  job, 
but  somebody  has  to  do 
it.  So  when  you  have  an 
idle  minute  or  perhaps  a 
six-hour  flight,  count  your 
countries.  Once  you  reach 
the  50  mark,  you  are  of¬ 
ficially  a  traveling  CIO. 

By  the  way,  I  visited 
my  75th  country  last  year 
when  we  went  to  New 
Zealand  in  December. 
What  a  beautiful  place!  ■ 
Paul  M.  Ingevaldson  retired 
as  CIO  at  Ace  Hardware 
Corp.  in  2004  after  40  years 
in  the  IT  business.  Contact 
him  at  ingepi@aol.com. 


34  C0MPUTERW0RLD  MAY  26,  2008 


MARKETPLACE 


Server 

room 

climate 

worries? 

Get  our 
free  book. 


E-mail  FreeBaok@ITWatchDogs.com  with  your  moiling  address 
or  call  us  at  512  157-1462. 


How  ien 
sl.T.  Really? 


j 

•  , 

u-  -*» 

4T* 

■ 

POWER 


Faronics 

tc-Uigc-'PT  ‘>oluficjr  *.-  1r,i 


Paronids  Power  Save  delivers  intelligent  energy 
management  to  desktop  computers.  Power 
Save  goes  above  and  beyond  every  computer’s 
basic  power  settings  by  implementing  energy 
management  based  on  CPU,  disk,  and 
application  activity— without  impacting  user 
productivity: 


Download 

functional  evaluation  copy  at 


tunuiuncii  evuruauuri  cupy  cii 

www.faronics.com/GreenlT 

i  1-800-941-6422^ 


Terabytes  of  Text 


Instantly  Search 

Terabytesof  Text 


♦  dozens  of  indexed, 
unindexed,  fielded  data 
and  full-text  search 
options  (including 
Unicode  support  for 
hundreds  of 

international  languages) 

♦  file  parsers  /  converters 
for  hit-highlighted 
display  of  all  popular 
file  types 

♦  Spider  supports  static 
and  dynamic  web  data; 
highlights  hits  while 
displaying  links, 
formatting  and  images! 
intact 

♦  API  supports  .NET,  C++, 
Java,  databases,  etc. 

New  .NET  Spider  API 


Desktop  with  Spi** 
NeWork  with  Spider 
publish  for  CD/DVDs 
We b  with  Spider 

Engine  for  Win  &  NET 

Engine  for  If'" 


The  Smart  Choice  for  Text  Retrieval®  since  1991 


♦  "Bottom  line:  dtSearch  manages  a  terabyte  of  text  in  a 
single  index  and  returns  results  in  less  than  a  second" 

-  InfoWorld 

♦  "For  combing  through  large  amounts  of  data,"  dtSearch 
"leads  the  market"  -  Network  Computing 

♦  dtSearch  "covers  all  data  sources  ...  powerful  Web-based 
engines"  -  eWEEK 

♦  dtSearch  "searches  at  blazing  speeds"  -  Computer  Reseller 
News  Test  Center 

See  www.dtsearch.com  for  hundreds  more  reviews, 

and  hundreds  of  developer  case  studies 


fir  Cr 

v_C 

miaCT 

□isearcn  Tor  Tuiiy-Tuncuonai  evait 

lations 

1-800-IT-FINDS  •www.dtsearch.com 


Your  message  works  in  the  Marketplace  section! 


PfUNTMEDlASERVICES 


To  advertise,  call  212-655-5220  or  email  temerson@ven.com 


May  26,  2008  COMPUTERWORLD 


PAGE  COMPILED  BY  JAMIE  ECKLE, 


BETTER 

Late 
Never? 


Some  of  the  more  unusual  excuses  that  managers  said 
they  had  heard  from  employees  over  the  past  year  in 
CareerBuilder.com’s  annual  “Late  to  Work”  survey: 

1.  While  rowing  across  the  river  to  work,  I  got  lost  in  the  fog. 


2.  Someone  stole  all  my  daffodils. 

3.  I  had  to  go  audition  for  American  Idol. 

4.  My  ex-husband  stole  my  car,  so  I  couldn’t  drive  to  work. 

5.  My  route  to  work  was  shut  down  by  a  presidential  motorcade. 

6.  I  wasn’t  thinking  and  accidentally  went  to  my  old  job. 

7.  I  was  indicted  for  securities  fraud  this  morning. 

8.  The  line  was  too  long  at  Starbucks. 

9.  I  was  trying  to  get  my  gun  back  from  the  police. 

10. 1  didn’t  have  money  for  gas  because  all  the 
pawn  shops  were  closed. 


Bosses  who  said 
they  are  skeptical 
of  their  workers’ 
excuses. 


SOURCE:  ONLINE  SURVEY  CONDUCTED  FEB.  11  TO  MARCH  13. 
WITH  2.757  EMPLOYERS  AND  6.967  WORKERS  RESPONDING 


Workers  who 
said  they  are  late 
to  work  a  east 
once  a  week. 


Workers  who 
owned  up  to  in¬ 
venting  excuses 
for  tardiness. 


I  ASK  A  PREMIER  100  IT  LEADER 


m. 


Ram  Murthy 

The  director  of  application 
systems  at  the  Peace  Corps 
answers  questions  about 

education,  certifications, 
leadership  and  dealing  with  slackers. 


Would  an  A+  certification 
in  networking,  along  with  a 
master’s  degree,  be  useful  in 
moving  one’s  career  along? 
And  is  an  online  master’s  de¬ 
gree  worth  much?  The  IT  field 
is  continuously  evolving  to  meet 
business  needs.  This  implies  that 
the  IT  knowledge  worker  must 
always  be  on  top  of  technology 
and  invest  in  continual  learning. 

Getting  A+  certification  in 
networking  with  a  master’s 
degree  in  a  related  IT  field  does 
somewhat  help,  but  it  must  be 
backed  up  with  professional 
on-the-job  skills  and  experi¬ 
ence.  With  respect  to  online 
master’s  degrees,  one  from  an 
accredited  university 
does  carry  weight.  In 
fact,  in  this  network¬ 
centric  world,  online 
and  self-paced  edu¬ 
cational  opportunities 
to  help  you  balance 
your  professional  and 
personal  activities  are  becom¬ 
ing  more  common. 

Remember,  though,  that  while 
certifications  and  education  can 
help  you  get  an  entry-level  job, 
you  will  need  to  support  your 
credentials  with  work  experience 
if  you  want  to  move  up. 

I’m  a  12-year  IT  industry 
professional  whose  position 
was  recently  outsourced. 

I’m  thinking  about  returning 
to  school  to  obtain  mobile 
application  development 
training  at  a  cost  of  about 
$6,000.  Do  you  think  it’s 
worth  the  investment?  Yes. 
And  if  finding  funds  for  the  train¬ 
ing  is  an  issue,  check  out  the 
self-paced  and  free  classes  and 
code  camps  that  vendors  like 
Microsoft  and  IBM  offer. 

With  end  users  these  days 


expecting  to  have  information 
available  anytime,  anywhere  and 
by  any  means,  skills  in  mobile 
technology  and  mobile  applica¬ 
tion  development  will  be  widely 
sought.  I  would  also  suggest 
that  your  rdsumd  should  show 
support  for  your  training  and 
education  with  real-life  app  dev 
examples  to  get  the  attention  of 
recruiters. 

In  12  years  in  IT,  I’ve  always 
been  frustrated  by  those 
colleagues  who  manage  to 
do  the  least  possible  work. 
They’re  like  Wally  in  the 
“Dilbert”  comic  strips,  and 
management  doesn’t  seem 
to  catch  on.  I’ve 
never  wanted  to 
rat  these  people 
out,  but  as  work¬ 
loads  increase  be¬ 
cause  of  smaller 
staffs,  the  frus¬ 
tration  is  mount¬ 
ing.  (Why  are  the  Wallys  al¬ 
ways  the  last  to  be  laid  off?) 
What  would  you  advise?  The 
basic  problem  involves  visibility 
and  awareness.  Your  managers 
are  completely  blind  on  resource 
allocation  and  performance 
management.  There  should  be 
better  accountability.  They  need 
to  institute  weekly  status  reports 
and  related  communication  tools 
on  the  work  accomplished  that 
will  show  who  is  responsible, 
accountable  and  producing  the 
work. 

As  for  you  and  the  other  non- 
Wallys,  don’t  be  modest  about 
marketing  yourself  and  your  ac¬ 
complishments.  You  might  also 
need  to  employ  creative  commu¬ 
nications  to  your  customers  and 
business  units  so  the  message 
circles  back  to  your  boss  on  who 
actually  produces  the  work. 


©  QUESTION? 

If  you  have  a  question 
for  one  of  our  Premier 
100  IT  Leaders,  send 

ittoaskaleaderd 

computerworld.com, 

I  and  watch  for  this  ■ 

column  each  month.  i 


30  COMPUTERWORLD  MAY  26, 2008 


IT 


careers 


Database  Administrator 
Maintain  &  administer  Oracle 
d/bases  &  Oracle  applies. 
Reqmts  incl  Master's  or  equiv  in 
Comp  Sci,  Comp  Applies  or  Info 
Systems;  &  working  knowl  of 
Oracle  &  SAP  Basis  Admin.  & 
Informatica  Power  Center. 
Resume  to:  Dharmendra  Sethi, 
GAVS  Technologies,  10901  W 
120th  Ave,  Ste  110,  Broomfield, 
CO  80021. 


Software  Engineers  (Topeka/ 
KS):  Design/  develop  web- 
based  retirement  benefit  mgmt 
IT  system.  Req  BS  in  CSi,  CIS 
or  Math,  or  suitable  combina¬ 
tion  of  edu,  training  or  exp, 
plus  2-yr  exp  in  OO,  Java  or 
.Net,  IBM  FileNet,  ILOG,  AJAX, 
SOA.  Send  resume/salary  reqt 
to  Norman,  Sagitec  Solutions, 
LLC,  2233  N. Hamline,  Suite 
420,  Roseville,  MN  55113. 


□ 


^  Looking  for  ^ 
something 
new? 


You’ve  come  to 
the  right  place! 


Check  back  with 
us  weekly  for  fresh 
listings  placed  by  top 
companies  looking  for 
skilled  professionals 
like  you! 


iTjcareers 

\ _ _ _ / 


IT  Professionals  and  Managers  Needed 
Patni  Americas,  Inc.,  an  estab¬ 
lished  and  expanding  IT  consult¬ 
ing  company  with  headquarters  in 
Cambridge,  MA  is  searching  for 
qualified  IT  Professionals  (i.e., 
Software  Consultants,  Software 
Engineers,  Programmer/ 

Analysts,  Systems  Analysts, 
Database  Analysts,  QC  Engineers); 
Information  Systems  and  Project 
Managers;  Program  Managers; 
and  account/sales  managers  for 
its  growing  team.  Technical  posi¬ 
tions  require  a  Bachelor's  degree 
in  Computer  Science, 
Engineering  or  a  related  field 
and/or  relevant  industry  experi¬ 
ence.  For  our  Information 
Systems  and  Project/Program 
Manager  positions  we  prefer  a 
MS  degree  in  related  fields  such 
as  computer  science  or  engineer¬ 
ing  and  relevant  industry  experi¬ 
ence.  We  will  consider  applicants 
with  a  relevant  Bachelor's  degree 
and  significant  industry  experi¬ 
ence  for  these  positions.  Our 
account/sales  manager,  engi¬ 
neering  and  business  develop¬ 
ment  officer  position  involve 
developing  and  managing  busi¬ 
ness  development  initiatives,  as 
well  as  existing  accounts  for  the 
company.  Qualified  applicants  will 
have  a  technical  and/or  busi¬ 
ness/marketing  degree  (Master's 
preferred)  and  relevant  industry 
experience.  We  will  consider  can¬ 
didates  with  a  relevant  Bachelor's 
degree  and/or  relevant 
sales/BDM  experience. 

Positions  may  require  relocation 
to  various  client  sites  throughout 
the  United  States.  Qualified  appli¬ 
cants  submit  resumes  to  HR 
Department  (Attn:  Mithilesh 
Sharma),  Patni  Americas,  Inc., 
One  Broadway,  15th  Floor, 
Cambridge,  MA  02142. 


Application  &  Support 
Engineer  to  design  soft¬ 
ware  systems,  experience 
required.  Send  resume  to 
HR  Dept.,  InduSoft  LLC, 
3445  Executive  Center 
Dr.,  Ste.  212,  Austin,  TX 
78731.  Must  ref  job  code 
FT040108. 


DLR  Technologies  &  Consulting 
Service  seeks  system  analyst, 
software  engineer,  DBA  to  cus¬ 
tomize  applications  using  skills 
such  as  Oracle,  Java,  C/C++, 
C#,  SAP  etc.  Job  sites  various. 
Must  have  minimum  MS  or  BS 
with  1-5yr  IT  experience.  Please 
contact  hr@dlrtech.com. 

Toji  Trading  seeks  systems  engi¬ 
neer  with  financial  derivative 
experience.  Knowledge  of  Java 
and  C++  is  a  plus.  Require  MS 
or  BS+5yr  IT  or  financial  deriva¬ 
tive  related  experience.  Please 
send  resumes  to  233  S  Wacker 
Dr,  Ste  2130,  Chicago,  IL  60606. 


IT  Opportunities 


Due  to  our  rapid  growth,  we  have  the  following  positions  available: 

Programmer  Analyst:  Analyze,  design,  develop,  code,  test  and  maintain 
database  management  systems.  Must  have  at  least  a  Bachelor’s  degree  and 
3+  years  of  experience  and  the  ability  to  use  Mainframe,  DBA,  AS400  and 
Client-Server  tools. 

Project  Managers/Leaders:  Lead  a  team  of  programmer  analysts  and  data 
base  administrators  on  development  and  maintenance  of  hardware  and  software 
applications  as  well  as  be  responsible  for  project  planning  and  quality  assurance. 
Must  have  a  Bachelor’s  degree  and  5+  years  of  experience  and  the  ability  to 
use  Mainframe,  DBA,  AS400  and  Client-Server  Tools. 

Business  Development  Managers/Directors:  Manage  sales  activities  and 
achieve  sales  quota  for  assigned  territory.  Help  Syntel’s  sales  leadership  in 
planning  and  rolling  out  an  inside  sales  strategy.  Must  have  a  Bachelor's  degree 
and  3+  years  of  experience. 

All  positions  are  located  throughout  the  U.S.  and  travel  is  usually  required. 

Above  positions  commonly  require  any  of  the  following  skill  sets: 

Mainframe:  IMS  DM/DC  OR  DB2,  MVS/ESA,  COBOL,  CICS,  Focus,  IDMS 
or  SAS. 


DBA:  ORACLE  OR  SYBASE  DB2,  UDB 


Client-Server/WEB:  Ab-initio  •  Oracle  Applications  &  Tools  •  Websphere 

•  Lotus  Notes  Developer  •  VB,  Com/Dcom,  Active  X  •  Web  Architects  •  UNIX, 
C,  C++,  Visual  C++,  C#.NET,  ASP.NET,  VB.NET  •  SAP/R3,  ABAP/4  or  FICO  or 
MM  &  SD  •  IEF  •  Datawarehousing  and  ETL  tools  •  WiNT  •  Oracle  Developer 
or  Designer  2000  •  JAVA,  HTML,  J2EE,  EJB  •  RDBMS  •  PeopleSoft 

•  PowerBuilder  •  Web  Commerce 


AS400:  RPG,  ILE,  Coolplex 


Please  forward  your  cover  letter  and  resume 
to:  Syntel,  Attn:  Recruitment  Manager 
525  E.  Big  Beaver,  Ste.  300 
Troy,  Ml  48083 

E-mail:  syntel_usads@syntelinc.com  EOE 


SVNYEL 

winiwr.synteliiic.com 


□ 


With  35  branch  offices  located 
across  the  US,  COMSYS  is 
actively  recruiting  for  the  follow¬ 
ing  positions. 

Programmer  Analyst-  metro 
Herndon,  VA-  Code  #  HE120 
Programmer  Analyst-  metro 
Newark,  NJ-  Code#FL100 
Programmer  Analyst  -  metro 
Jacksonville,  FL-  Code  #  JA110 
Roving  employment  to  varying 
jobsites  throughout  the  US. 
Please  refer  to  appropriate  job 
code  when  submitting  resume 
to:  COMSYS,  Attn.  Nancy 

Theriault,  15455  N.  Dallas 
Pkwy.,  Ste  300,  Addison,  TX 
75001.  EOE./MF/DV 


Software  Engineer  needed 
w/Master's  or  foreign  equiv.  in 
CS  or  Eng.  or  Math  in  job 
offered  or  closely  related  occu¬ 
pation  to  analyze,  dsgn,  dvlp, 
test,  implmt,  maintain  &  update 
s/ware  systems  in  Win  &  web 
platform  using  C#.Net,  ASP, 
ASP.Net,  SQL,  PL/SQL  D/base 
language,  use  of  object  oriented 
prgmg  concepts  in  dsgng  &  cod¬ 
ing,  D/base  dsgn  w/MS  SQL 
Server  2000  &  dvlp  various 
infrastructure  components  for 
the  web,  middle-tier  &  for  data 
access;  coord  team  members  in 
Website  dvlpmt  in  ASP.net  using 
C#.Net  &  interact  w/client  to 
gather  reqmts.  Mail  res  to:  AIT 
Global,  Inc,  228  Rte  34, 
Matawan,  NJ  07747.  Job  loc: 
Matawan,  NJ  or  any  unanticipat¬ 
ed  Iocs  in  US. 


Apollo  Group  located  in 
Phoenix,  AZ  has  multiple  open¬ 
ings  for  IT  professionals. 
Specific  skill  sets  needed 
include: 

•.Net  developers  JQ-010 

•  JAVA/J2EE  JO-020 

•  Data  warehousing  develop 
ers  JO-03 

•  Oracle  Developers/DBA  JO- 
04 

•  Quality  Assurance  Analysts 
JO-050 

•  Systems  Administrators  JO- 
060 

•  Web-based  DevelopersJO- 
070 

•  Business  AnalystsJO-080 

All  positions  require  at  least  a 
B.S.  degree  in  related  field. 
Some  positions  require  an  M.S. 
degree.  Competitive  salaries. 
Send  resume  to: 
pat.branum@phoenix.edu. 
Refer  to  specific  JO#  for  consid¬ 
eration.  Applicants  must  have 
authority  to  work  permanently  in 
the  U.S. 


MAY  26,  2008  C0MPUTERW0RLD 


Shamank 

TRUE  TALES  OF  IT  LIFE  AS  TOLD  TO  SHARKY 


How  It’s  Done 

This  pilot  fish  brags  that  he’s 
worked  on  a  software  project 
that  finished  on  time,  on  bud¬ 
get  and  with  only  “I  thought 
you  wanted . . problems 
when  it  was  shown  to  the 
customer  -  and  no  problems 
when  it  was  delivered.  “Not 
possible,  you  say?”  asks 
fish.  “Well,  I  do  grant  it  was  a 
special  case:  The  app  was  for 
the  regional  president.  There 
was  a  standing  procedure  for 
change  requests  that  was  ac¬ 
tually  enforced  this  time.  The 
next-to-last  step  in  the  proce¬ 
dure  for  a  change  request  was 
that  the  requesting  suit  had  to 
go  to  the  sponsoring  suit  and 
explain  the  change  and  why 
it  was  important  enough  to 
delay  delivery  of  the  sponsor’s 


app.  For  some  reason,  almost 
all  of  the  “gotta  have  now” 
changes  got  to  that  point 
and  suddenly  became  “next 
release.”  We  just  sailed  along 
with  the  original  design  and 
the  few  changes  requested  by 
the  president.” 

No,  Not  Quite 

New  router  has  just  been 
configured  for  a  secure  tunnel 
to  let  a  branch  office  connect 
to  HQ’s  VoIP.  There’s  only 
one  thing  left  to  do:  Pilot  fish 
calls  a  user  at  the  branch  and 
asks  her  to  restart  the  router 
on  her  end.  He  describes  the 
router  to  her,  and  she  seems 
to  know  what  to  do.  But  when 
fish  tries  pinging  through  the 
tunnel  a  few  minutes  later,  he 
gets  nothing  -  no  ping,  no  ac¬ 


tivity,  dead  in  the  water.  So  he 
calls  the  user  again.  Fish:  Hey, 
did  you  restart  the  router? 
User:  “Yes,  but  I  had  to  use  a 
paper  clip.”  Fish:  What?  User: 
“I  had  to  use  a  paper  clip  to 
reset  the  router.”  Fish:  You’re 
kidding,  right?  User:  “No, 
why?”  Fish:  Are  you  telling 
me  that  you  took  a  paper  clip 
and  inserted  it  in  a  little  hole? 
User:  “Yup.  The  little  hole  said 
Reset,  and  that  was  what  you 
told  me  to  do.”  Fish:  I  told  you 
to  restart  the  router.  User: 
“Isn’t  that  the  same?” 

A  Little  Too  Quick 

This  small  business’s  home¬ 
grown  accounting  system 
takes  forever  to  sort  entries 
before  printing  invoices,  so  a 
grad  student  pilot  fish  is  hired 
to  work  on  improving  it.  His 
solution:  Rewrite  the  sort  rou¬ 
tine  using  the  Quicksort  algo¬ 
rithm  in  machine  code,  which 
fish  has  recently  seen  in  a 
journal  article.  “I  demonstrat¬ 
ed  my  work  to  the  accountant, 
showing  her  that  the  task 


that  used  to  take  six  hours 
now  finished  in  less  than  20 
seconds,”  says  fish,  who’s 
justly  proud  of  his  effort.  “She 
called  in  the  big  boss  and 
started  bragging  about  money 
well  spent.  That’s  when  I 
made  my  big  mistake:  I  told 
them  I  had  adapted  code  from 
a  journal.  The  big  boss  looked 
at  me  and  said,  ‘That’s  what 
we’re  paying  you  for,  to  type 
in  stuff  from  a  magazine?’  I 
had  learned  the  hard  way  the 
first  rule  in  software  develop¬ 
ment:  Don’t  tell  everything 
you  know.” 

■  Sharky’s  first  rule:  Tell  me 
everything  about  your  true 
tale  of  IT  life  at  sharky@ 
computerworld.com.  You’ll 
score  a  sharp  Shark  shirt  if 
I  use  it. 


O  TIRED  OF  BUNGLINQ  BOSSES 

and  clueless  co-workers? 

Swim  on  over  to  Shark  Bait 
and  share  your  tales  of  woe. 

sharkbait.computerworld.com, 

0 CHECK  OUT  Sharky's  blog.  browse  the 
Sharkives  and  sign  up  for  Shark  tank  home 
dSery  at  computerworld.com/sharky. 


■  COMPANIES 
IN  THIS  ISSUE 

Page  number  refers  to  page  on  which 
story  begins.  Company  names  can  also 
be  searched  at  computerworid.com 


Accendor  Research  Inc . 20 

Ace  Hardware  Corp . 34 

Alcatel-Lucent . 10 

Alibaba.com  Ltd . 10 

Ariston  Consulting  &  Technologies  Inc . 8 

Barrick  Gold  Corp . 8 

Budget  Pest  Control . 10 

Bureau  of  Alcohol,  Tobacco  and  Firearms . 24 

Bureau  of  Prisons . 24 

Canadian  Tire  Corp . 6 

CareerBuilder  LLC . 36 

Cassatt  Corp . 15 

Cisco  Systems  Inc . 6, 8 

Drug  Enforcement  Administration . 24 

Ecma  International . 40 

EMC  Corp . 8 

eMediaUSA . 15 

Facebooklnc . 16 

Federal  Bureau  of  Investigation . 22 

Ford  Motor  Co . 26 

Forrester  Research  Inc . 6 

Gartner  Inc . 11, 12, 30 

General  Services  Administration . 11 

George  Washington  University . 26 

Goldcorp  Inc . 16 

Google  Inc . 6,10 

Hewlett-Packard  Co . 8 

IBM . 4,6,16,36 

IDtrack . 4 

llluminata  Inc . 8 


Integrated  Justice 

Information  System  Institute . 22, 24 

Intel  Corp . 10 

ISO . 6,40 

J.Gold  Associates  LLC . 12 

Johnson  Space  Center . 10 

KPMG  International . 26 

Los  Angeles  Community  College  District . 14 

Marsh  &  McLennan  Co . 26 

Microsoft  Corp . 6, 10, 12, 28, 36, 40 

National  Aeronautics  and 

Space  Administration . 10 

National  Science  Foundation . 11 

NCR  Corp . 4 

Novell  Inc . 8 

Nuclear  Regulatory  Commission . 11 

OpenOffice.org . 6 

Oregon  State  Police . 22 

Peace  Corps . 36 

Pennsylvania  Office  of 

Criminal  Justice  Improvement . 24 

Red  Hat  Inc . 8 

Research  In  Motion  Ltd . 12 

Sandown  Health  Centre . 10 

SANS  Institute . 11 

SAP  AG . 8 

Search . 22 

Sony  Corp . 4 

St.  Luke’s  Episcopal  Health  System . 14 

Starbucks  Corp . 36 

Stec  Inc . 8 

Sterling  Publishing  Co . 30 

Strangeloop  Networks  Inc . 15 

SuccessantLLC . 26 

Sun  Microsystems  Inc . 15 

Symark  International  Inc . 15 

Texas  A&M  University . 10 

Texas  AgriLife  Extension  Service . 10 


Texas  Department  of  Agriculture . . 10 

Texas  Department  of  Public  Safety . 24 

The  Procter  &  Gamble  Co . 6 

U.K.  National  Health  Service . 10 

U.S.  Agency  for 

International  Development . 11 

U.S.  Air  Force . 24 

U.S.  Border  Patrol . 22 

U.S.  Department  of  Agriculture . 11 

U.S.  Department  of  Commerce . 11 

U.S.  Department  of  Defense . 11, 22 

U.S.  Department  of  Homeland  Security . 22 

U.S.  Department  of  Housing  and 

Urban  Development . 11 

U.S,  Department  of  Justice . 11, 22 

U.S.  Department  of  Labor . 11 

U.S.  Department  of  State . 34 

U.S.  Department  of  the  interior . 11 

U.S.  Department  of  the  Treasury . 11 

U.S.  Department  of  Transportation . 11 

U.S.  Department  of  Veterans  Affairs . 11 

U.S.  Environmental  Protection  Agency . 11 

U.S.  International  Trade  Commission . 10 

U.S.  Marshals  Service . 24 

U.S.  Office  of  Personnel  Management . 11 

U.S.  Social  Security  Administration . 11 

United  Nations . 34 

University  of  California,  Berkeley. . 6 

Verizon  Wireless . 12 

We  Energies . 6 

White  House  Office  of 

Management  and  Budget . 11 

Yahoo  Inc . 10 

YouTube  LLC . 16 


Akamai . 7 

www.akamai.com/10years 
Best  Practices  in  Mobile  &  Wireless . 31 


Akamai . 7 

www.akamai.com/10years 

Best  Practices  in  Mobile  &  Wireless . 31 

www.mwwusa.com 

CA . 3 

ca.com/secure 

Canon . C2-1 

www.usa.canon.com 

CDW  Corporation . 13 

CDW.com 

dtSearch . 35 

www.dtsearch.com 

Faronics . 35 

www.faronlcs.com/6reenlT 

Green  IT  Symposium . 33 

www.greenltsymposium.com/cwad 

Hewlett-Packard  Exstream . 9 

www.exstream.com/hpsynergy 

InterSystems . C3 

lnterSystems.com/Connect14A 

IT  WatchDogs . 35 

www.ITWatcnDogs.com 

Kodak . 17 

kodak.com/go/heavymetal 

Novell . 19 

morelnterop.com 

SonicWALL . 29 

www.sonicwail.com/dandelion 

Sun  Microsystems . C4 

mysql.com/trials 

SunGard  Availability  Services . 21 

www.availabitity.sungard.com/ia 


TkbMnlxmtMwat 


Periodical  postage  paid  at  Framingham.  Mass.,  and  other  mailing  offices.  Posted  under  Canadian  International  Publication  agreement  PM40063731.  CANADIAN  POSTMASTER;  Please  return  undetiverable  copy  to  PO  Box  1632.  Windsor.  Ontario  N9A  7C9.  Computerwortd  (ISSN  0010- 
4841)  Is  published  weekly,  except  for  a  single  combined  Issue  the  first  two  weeks  ol  July  and  the  last  two  weeks  of  December  by  Computerwortd.  Inc,  1  Speen  Street.  Box  9171.  Framingham.  Mass.  01701-9171.  Copyright  2008  by  Computerworld  Inc  All  rights  reserved.  Computerwortd  can  be 
purchased  on  microfilm  and  microfiche  through  University  Microfilms  Inc.  300  N.  Zeeb  Road.  Ann  Arbor.  Mich.  48106.  Computerworld  is  Indexed.  Back  issues,  if  available,  may  be  purchased  from  the  circulation  department.  Photocopy  rights  permission  to  photocopy  tor  internal  or  personal 

use  is  granted  by  Computerworld  Inc  for  libraries  and  other  users  registered  with  the  Copyright  Clearance  Center  (CCC).  provided  that  the  base  lee  of  $3  per  copy  o(  the  article,  plus  50  cents  per  page.  Is  paid  directly  to  Copyright 


•f  PA  ABM 


% 


Clearance  Center.  27  Congress  St..  Salem.  Mass.  01970.  Reprints  (minimum  100  copies)  and  permission  to  reprint  may  be  purchased  from  Erik  Eberz.  Computerworld  Reprints,  c/o  The  YGS  Group.  6reen6eld  Corporate  Center. 
1808  Colonial  Village  Lane.  Lancaster.  Pa..  17601,  (800)  290-5460.  Ext  150.  Fax:  (717)  399-8900.  Web  site:  www.reprintbuyer.com.  E-mail:  computerworid@theygsgroup.com.  Requests  lor  missing  issues  wA  be  honored  only  If 
received  within  60  days  of  issue  date.  Subscription  rates:  S5  per  copy  U.S.  -  $99.99  per  year:  Canada  -  S130  per  year.  Central  &  So.  America.  $250  per  yean  Europe  -  $295  per  year:  al  other  countries  -  $295  per  year.  Subscrip¬ 
tions  cril  toll-free  (888)  559-7327  POSTMASTER:  Send  Form  3579  (Change  of  Address)  to  Computerworld,  PO  Box  3500.  Northbrook.  I.  60065-3500. 


COMPUTERWORLD 

HEADQUARTERS 

P.O.  Box  9171, 1  Speen  Street 
Framingham,  MA  01701-9171 
(508)879-0700 
Fax  (508)  875-4394 


President/Publisher/CEO 

Matthew  J.  Sweeney 
(508)271-7100 

Executive  Assistant  to  the 
President/Publisher/CEO 

Diana  Cooper 
(508)820-8522 

Vice  President/ 

General  Manager  Online 

Martha  Connors 
(508)620-7700 

Vice  President,  Marketing 

Matt  Duffy 
(508)820-8145 

Vice  President, 

Custom  Content 

Bill  Laberis 
(508)820-8669 


CIRCULATION 
Circulation  Manager 

Diana  Turco  (508)  820-8167 


PRODUCTION 

Vice  President,  Production 

Carolyn  Medeiros 

Production  Manager 

Kim  Pennett 

Print  Display  Advertising 

(508)820-8232 
Fax  (508)  879-0446 


DISTRIBUTION 
Director  of  Distribution  and 
Postal  Affairs  Bob  Wescott 


STRATEGIC  PROGRAMS 
AND  EVENTS 
Director,  Business 
Development  John  Vulopas 
Vice  President,  Strategic 
Programs  &  Events  Ann  Harris 
Vice  President,  Event 
Marketing  and  Conference 
Programs  Derek  Hulitzky 


Vice  President, 

Human  Resources 

Julie  Lynch 
(508)820-8162 

Executive  Vice  President, 
Strategic  Programs 

Ronald  L.  Milton 
(508)820-8661 

Vice  President/Publisher 
Computerworld.com 

Gregg  Pinsky 
(508)271-8013 

Executive  Vice  President/COO 

Matthew  C.  Smith 
(508)820-8102 

Vice  President/Editorial  Director 

Don  Tennant 
(508)620-7714 

Vice  President,  Circulation 

Debbie  Winders 
(508)820-8193 


International  Data  Group 
Chairman  of  the  Board 

Patrick  J.  McGovern 

CEO, 

IDO  Communications 

BobCarrigan 


Computerworld  is  a  business  unit 
of  IDG,  the  world's  leading  technol¬ 
ogy  media,  research  and  events 
company,  IDG  publishes  more  than 
300  magazines  and  newspapers 
and  offers  online  users  the  largest 
network  of  technology-specific 
sites  around  the  world  through 
IDG.net  (www.idg.nef),  which 
comprises  more  than  330  targeted 
Web  sites  in  80  countries.  IDG 
is  also  a  leading  producer  of  168 
computer-related  events  worldwide, 
and  IDG's  research  company,  IDC, 
provides  global  market  intelligence 
and  advice  through  51  offices  in  43 
countries.  Company  information  is 
available  at  www.idg.com. 


President/Publisher/CEO 

Matthew  J.  Sweeney  (508)  271-7100 
Fax  (508)  270-3882 


Vice  President/Assoc.  Publisher, 
Integrated  &  Custom  Programs 

John  Amato  (508)  820-8279 
Fax  (508)  626-8524 


Sales  Operations  Manager 

Dawn  Cora  (508)  820-8133 

■  NORTHWESTERN  STATES 

■  BAY  AREA 
Vice  President, 

Integrated  Programs 

Jim  Barrett  (415)  978-3306 
Account  Executive 
Chris  Da  Rosa  (415)  978-3304 
Mailing  Address 

501  Second  Street,  Suite  114 
San  Francisco,  CA  94107 
Fax  (415)  543-8010 


■  SOUTHWESTERN  STATES 

■  CENTRAL  STATES 
Vice  President, 

Integrated  Programs 

Bill  Hanck  (949)  442-4006 
Account  Executive 
Emmie  Hung  (415)  978-3308 
Mailing  Address 

19200  Von  Karman  Avenue 
Suite  360,  Irvine,  CA  92612 
Fax  (949)  476-8724 


■  SOUTHEASTERN  STATES 
Vice  President, 

Integrated  Programs 

Lisa  Ladle-Wallace  (904)  284-4972 

Mailing  Address 

5242  River  Park  Villas  Drive 
St.  Augustine,  FL  32092 
Fax  (800)  779-8622 

Senior  Sales  Associate, 
Integrated  Programs 

Jess  Roman  (508)  271-7108 
Mailing  Address 

P.O.  Box  9171, 1  Speen  Street 
Framingham,  MA  01701 
Fax  (508)  270-3882 


■  NEW  ENGLAND  STATES 
Director,  Integrated  Programs 

Deborah  Crimmings  (508)  271-7110 

Senior  Sales  Associate, 
Integrated  Programs 

Jess  Roman  (508)  271-7108 
Mailing  Address 

P.O.  Box  9171, 1  Speen  Street 
Framingham,  MA  01701 
Fax  (508)270-3882 


■  METRO  NEW  YORK 

H  EASTERN  CENTRAL 
STATES/INDIANA 

Vice  President, 

Integrated  Programs 

Peter  Mayer  (201)  634-2324 

Account  Executive 

John  Radzniak  (201)  634-2323 

Mailing  Address 

650  From  Road,  Suite  225 
Paramus,  NJ  07652 
Fax  (201)  634-9289 


Director,  Event  Management 

Michael  Meleedy 

Executive  Programs  Specialist 
Executive  Assistant  Kelly  McGill 
Fax  (508)  626-8524 


ONLINE  ADVERTISING 

Vice  President/Associate  Publisher 

Sean  Weglage  (415)  978-3314 
Fax  (415)  543-8010 

Online  Sales  Director,  East  Coast 

James  Kalbach  (610)  971-1588 

Online  Sales  Managers 

Farrah  Forbes 
(415)978-3313 
Fax  (415)  543-8010 

Jennell  Hicks 
(415)978-3309 
Fax  (415)  543-8010 

Matthew  Wintringham 
(508)270-3882 
Fax  (508)  270-3882 

Account  Services  Director 

Bill  Rigby  (508)  820-8111 
Fax  (508)270-3882 
Online  Sales  Assistant 

Joan  Olson  (508)  270-7112 
Fax  (508)  270-3882 


IT  CAREERS 
Director  of  Sales 

Laura  Wilkinson  (847)  441-8877 
Fax  (847)441-8878 


LIST  RENTAL 
Postal  and  E-mail 

Rich  Green  (508)  370-0832 

rgreen@idglist.com 

Mailing  Address 

IDG  List  Services,  P.O.  Box  9151 

Framingham,  MA  01701-9151 

Fax  (508)  370-0020 


Customer  Service 

(888)  559-7327  toll  free 

Local  or  outside  U.S. 

(847)  559-1573 
E-mail:  cw@omeda.com 


■  FRANKLY  SPEAKING 


‘Office’  Politics 


OK,  TRY  TO  FOLLOW  THIS:  Microsoft  has  spent 
the  past  two  years  slamming  its  Open  XML  file 
format  through  the  process  to  make  it  an  interna¬ 
tional  standard.  Along  the  way,  there’s  been  arm- 
twisting,  committee-packing,  bribery  and  other  chicanery.  But 
by  last  week,  Microsoft  was  one  step  away  from  success. 

And  that’s  when  Microsoft  adopted  a  competing  standard. 


Sound  crazy?  Sure 
—  until  you  learn  that 
Microsoft’s  own  products 
don’t  actually  conform 
to  the  standard  that  Mi¬ 
crosoft  has  been  twisting 
arms  to  pass.  And  that 
the  competing  standard, 
the  OpenDocument  for¬ 
mat  (ODF),  will  actually 
be  easier  to  add  to  Mi¬ 
crosoft  Office  than  Open 
XML  would  be. 

So  if  Microsoft  wants 
to  sell  an  office  suite  with 
a  file  format  that  meets 
formal  international  stan¬ 
dards  anytime  soon,  it 
has  to  go  with  ODF. 

That’s  why  the  compa¬ 
ny  announced  last  week 
that  the  next  service  pack 
for  Office  2007  will  in¬ 
clude  the  ability  to  save 
Office  documents  in  ODF 
but  that  complying  with 
the  Open  XML  standard 
will  have  to  wait  until  the 
next  full  version  of  Mi¬ 
crosoft  Office. 

Think  you’re  all  the 
way  down  this  rabbit 
hole?  Think  again:  Why 
is  Microsoft  so  interested 


in  conforming  to  inter¬ 
national  standards  with 
its  office  suite,  anyway? 
Doesn’t  Microsoft  al¬ 
ready  pretty  much  own 
that  market? 

Sure.  And  that’s  why 
developers  of  competing 
office  suites  —  in  par¬ 
ticular,  the  open-source 
OpenOffice  —  started 
lobbying  years  ago  to 
get  large  users  such  as 
governments  to  require 
archival  storage  formats 
that  aren’t  under  the  con¬ 
trol  of  a  single  vendor. 

They  had  a  point.  Mi¬ 
crosoft  is  notorious  for 
changing  its  file  formats 
with  every  new  release  of 
Office  and  only  partially 
documenting  the  for¬ 
mats.  That  threatens  to 

■  Turns  out  the 
OpenDocument  file 
format  will  actually 
be  easier  to  add  to 
Microsoft  Office 
than  Open  XML 
would  be. 


turn  archival  documents 
created  with  Office  into 
just  so  many  incompre¬ 
hensible  bits. 

The  competitors  spent 
five  years  getting  their 
OpenDocument  format 
for  XML-based  docu¬ 
ments  approved  as  a  for¬ 
mal  standard,  first  by  the 
OASIS  consortium  and 
then  by  the  international 
standards  group  ISO. 
They  hoped  that  would 
give  them  a  leg  up 
against  Microsoft, 
which  was  commit¬ 
ted  to  its  own  XML 
document  format, 

Open  XML. 

But  Microsoft 
found  a  tame  stan¬ 
dards  group,  Ecma,  to 
fast-track  Open  XML 
to  become  a  standard. 
Despite  complaints  that 
the  fast-track  process  is 
supposed  to  be  only  for 
well-understood,  widely 
implemented  formats  — 
and  there  was  only  one 
vendor  offering  Open 
XML,  Microsoft  —  by  late 
April,  Microsoft  had  nar¬ 


rowly  won  the  final  round 
of  votes,  and  its  format 
was  a  draft  ISO  standard. 

That  was  when  ISO 
revealed  that  Microsoft 
Office  2007  doesn’t  actu¬ 
ally  meet  the  spec  for 
the  standard  Microsoft 
worked  so  hard  to  pass. 

Which  means  there  are 
zero  vendors  currently 
offering  Open  XML. 

After  a  hard  look  at 
how  long  it  would  take  to 
meet  the  ISO  specifica¬ 
tions  for  each  of  the  for¬ 
mats,  Microsoft  decided 
ODF  would  be  easier  to 
do.  That’s  why  it  will 
come  first. 

And  here’s  the  fun- 
house-mirror  result  of 
this  long,  strange  trip: 

Microsoft  wins  its  stan¬ 
dards  battle,  but  adopts 
the  XML  file  format  it  has 
fought  against  for  years. 

Microsoft’s  competi¬ 
tors  succeed  in  getting 
Microsoft  to  adopt  their 
file  format  —  but 
lose  their  longed- 
for  leg  up  against 
Microsoft  Office. 

And  users  get  the 
standard  XML  file 
format  they  need 
—  just  nothing  like 
the  way  they  expected  to 
get  it. 

Follow  all  that?  Good. 
Now  will  someone  please 
remind  me  again  that 
standards  are  all  about 
predictability?  ■ 

Frank  Hayes  is  Computer- 
world’s  senior  news 
columnist.  Contact  him 
at  frank_hayes@ 
computerworld.com. 


FOR  MORE 
ON ‘OFFICE’ 
POL  i, 
SEE  THE 
NEWS 
STORY  ON 


40  C0MPUTERW0RLD  MAY  26,  2008 


5 


f 


The  fastest  way  to  have  a  connected  workplace. 


Work  with  InterSystems  Ensemble®  software  to  raise 
productivity  and  lower  costs. 

Ensemble  is  a  rapid  integration  and  development 
platform  that  makes  it  much  easier  to  connect  applications, 
processes,  and  people.  IT  managers  who  have  switched 
from  other  integration  products  report  they  can  finish 
projects  in  half  the  time  with  Ensemble. 

For  your  future  development  efforts,  if  you  embed 
Ensemble  you  can  create  a  new  class  of  applications  that 
are  connectable.  Plus,  you’ll  be  able  to  enhance  legacy 
applications  with  adaptable  workflow,  browser-based  user 


interfaces,  rules-based  business  processes,  dashboards, 
and  other  innovations  -  without  rewriting  your  code. 

Ensemble’s  technology  stack  includes  the  world's 
fastest  object  database  -  InterSystems  Cache®.  Cache's 
lightning  speed,  massive  scalability,  and  rapid  development 
environment  give  Ensemble  unmatched  capabilities. 

For  30  years,  we've  been  a  creative  technology 
partner  for  leading  enterprises  that  rely  on  the  high 
performance  of  our  products.  Ensemble  and  Cache  are 
so  reliable  that  the  world’s  best  hospitals  use  them  for 
life-or-death  systems. 


IhterSystems 

See  product  demonstrations  at  InterSystems.com/Connectl4A 


©  2008  InterSystems  Corporation.  All  rights  reserved.  InterSystems  Ensemble  and  InterSystems  Cachl  arc  registered  trademarks  of  InterSystems  Corporation.  Other  product  names  are  the  trademarks  ot  thetr  respective  vendors.  5  -08  Work  14  CoWo 


My  choke  <rf  dambax 

/’s  Sftwg  as  the  IQfra's  ux>p 

dF  web  2.0 


Open.  Scalable.  And  now  fully  supported  by  Sun  around  the  globe. 

We'd  name  names,  but  the  copyright  police  would  get  out  their  whistles.  (Think  major  search  engines,  social  networking 
and  video  viewing  sites).  Let's  just  say  the  cream  of  the  Web  2.0  crop  all  have  one  thing  in  common.  They  run  MySQl^  the 
world’s  number  one  database  for  delivering  online  applications  -  and  now  backed  by  Sun.  When  you  go  with  a  MySQL 
Enterprise'  subscription,  you  get  unrivaled  production  support,  monitoring  services  and  the  world’s  most  popular  open 
source  database.  You  can  expect  a  TCO  reduction  of  up  to  90  percent.  And  MySQL  Database  is  easy,  safe,  reliable  and 
fast.  Find  out  why  thousands  of  corporations  trust  their  online  practices  to  MySQL  and  Sun.  For  a  free  update  on  the 
benefits  of  having  an  open  source  database,  call  1-866-221-0634.  Then  download  a  free  30-day  trial  at  mysql.com/trials. 
You’ll  be  able  to  say  with  confidence,  ‘My  company  is  ready  to  take  on  anything.’ 


MySQL 


microsystems 


®  2008  Sun  Microsystems,  Inc.  All  rights  reserved.  Sun,  Sun  Microsystems,  the  Sun  logo,  MySQL,  and  MySQL  Enterprise  are  trademarks  or  registered  trademarks  of  Sun  Microsystems,  Inc.  or  its  subsidiaries  in  the  United  States  and  other  countries. 


